CVE-2019-1846 – Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1846
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic though the device, resulting in a DoS condition that require manual intervention to restore normal operating conditions. • http://www.securityfocus.com/bid/108363 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-asr9k-mpls-dos • CWE-20: Improper Input Validation •
CVE-2019-1686 – Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1686
A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. • http://www.securityfocus.com/bid/108026 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxracl • CWE-284: Improper Access Control •
CVE-2018-15428 – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15428
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. • http://www.securitytracker.com/id/1041790 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos • CWE-20: Improper Input Validation •
CVE-2018-0418
https://notcve.org/view.php?id=CVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. • http://www.securityfocus.com/bid/105185 http://www.securitytracker.com/id/1041538 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2018-0241
https://notcve.org/view.php?id=CVE-2018-0241
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. This vulnerability affects all Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software when at least one IPv4 helper address is configured on an interface of the device. • http://www.securityfocus.com/bid/103929 http://www.securitytracker.com/id/1040710 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr • CWE-399: Resource Management Errors •