3 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information. • http://www.securityfocus.com/bid/108687 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-ssh • CWE-285: Improper Authorization CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. telnetd en Cisco IOS XR 5.0.1 en los dispositivos Network Convergence System 6000 permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de un paquete TELNET malformado, también conocido como Bug ID CSCuq31566. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39293 http://www.securitytracker.com/id/1032560 • CWE-399: Resource Management Errors •

CVSS: 6.1EPSS: 1%CPEs: 57EXPL: 0

Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. Cisco IOS XR 5.1 y anteriores en dispositivos Network Convergence System 6000 permite a usuarios remotos autenticados causar una denegación de servicio (NPU y caída de tarjeta o recarga) a través de un paquete MPLS malformado, también conocido como Bug ID CSCuq10466. • http://secunia.com/advisories/61372 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379 http://tools.cisco.com/security/center/viewAlert.x?alertId=35776 http://www.securityfocus.com/bid/69960 http://www.securitytracker.com/id/1030878 https://exchange.xforce.ibmcloud.com/vulnerabilities/96068 • CWE-20: Improper Input Validation •