Search criteria
21 vulnerabilities found for asr_9000_rsp440_router by cisco
FKIE_CVE-2014-3396
Vulnerability from fkie_nvd - Published: 2014-10-05 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C15E168-11DA-4219-B689-78BC48935263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
},
{
"lang": "es",
"value": "Cisco IOS XR en los dispositivos ASR 9000 no utiliza debidamente la compresi\u00f3n para la codificaci\u00f3n de los rangos de puertos y los rangos de direcciones, lo que permite a atacantes remotos evadir las restricciones ACL de la tarjeta de l\u00ednea Typhoon a trav\u00e9s de trafico de transito, tambi\u00e9n conocido como Bug ID CSCup30133."
}
],
"id": "CVE-2014-3396",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-05T01:55:13.110",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3335
Vulnerability from fkie_nvd - Published: 2014-08-26 10:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B692CE-4052-4F9D-8A87-3E93DCBAAD6D",
"versionEndIncluding": "4.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074571B4-65EF-451A-89DC-0797F6E4BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D909532E-85F5-4201-8BFF-561A21998D97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
},
{
"lang": "es",
"value": "Cisco IOS XR 4.3(.2) y anteriores en los dispositivos ASR 9000 no realiza debidamente el muestreo NetFlow de paquetes con direcciones MAC de destinos multicast, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgues de chip y tarjeta) a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocido como Bug ID CSCup77750."
}
],
"id": "CVE-2014-3335",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-26T10:55:04.573",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/60222"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/69383"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1030757"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3322
Vulnerability from fkie_nvd - Published: 2014-07-24 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/60311 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=35009 | Vendor Advisory | |
| psirt@cisco.com | http://www.securityfocus.com/bid/68833 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1030623 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60311 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=35009 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68833 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030623 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B692CE-4052-4F9D-8A87-3E93DCBAAD6D",
"versionEndIncluding": "4.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074571B4-65EF-451A-89DC-0797F6E4BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D909532E-85F5-4201-8BFF-561A21998D97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
},
{
"lang": "es",
"value": "Cisco IOS XR 4.3(.2) y anteriores en los dispositivos ASR 9000 no realiza debidamente el muestreo NetFlow de paquetes IP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgues de chip y tarjeta) a trav\u00e9s de paquetes (1) IPv4 o (2) IPv6 malformados, tambi\u00e9n conocido como Bug ID CSCuo68417."
}
],
"id": "CVE-2014-3322",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:07.723",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/60311"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030623"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3321
Vulnerability from fkie_nvd - Published: 2014-07-18 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=34936 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1030597 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=34936 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030597 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23014C8E-362A-45AB-9628-B7153E729430",
"versionEndIncluding": "4.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074571B4-65EF-451A-89DC-0797F6E4BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D909532E-85F5-4201-8BFF-561A21998D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D962D3-563F-4CDE-B51D-224D7995FBC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149."
},
{
"lang": "es",
"value": "Cisco IOS XR 4.3.4 y anteriores en dispositivos ASR 9000, cuando el enrutamiento de \u0027bridge-group virtual interface\u0027 (BVI) est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgues de chip y tarjeta) a trav\u00e9s de una serie de paquetes MPLS manipulados, tambi\u00e9n conocido como Bug ID CSCuo91149."
}
],
"id": "CVE-2014-3321",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-18T00:55:04.923",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030597"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3308
Vulnerability from fkie_nvd - Published: 2014-07-07 11:01 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/58869 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=34843 | Vendor Advisory | |
| psirt@cisco.com | http://www.securityfocus.com/bid/68351 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1030525 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58869 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=34843 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68351 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030525 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C15E168-11DA-4219-B689-78BC48935263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985."
},
{
"lang": "es",
"value": "Cisco IOS XR en tarjetas de l\u00ednea Trident en dispositivos ASR 9000 no tiene un static punt policer, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) mediante el env\u00edo de muchos paquetes manipulados, tambi\u00e9n conocido como Bug ID CSCun83985."
}
],
"id": "CVE-2014-3308",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-07T11:01:30.227",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/58869"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030525"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1366
Vulnerability from fkie_nvd - Published: 2014-04-23 11:52 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios | 15.1 | |
| cisco | asr_1001 | - | |
| cisco | asr_1002 | - | |
| cisco | asr_1002-x | - | |
| cisco | asr_1002_fixed_router | - | |
| cisco | asr_1004 | - | |
| cisco | asr_1006 | - | |
| cisco | asr_1013 | - | |
| cisco | asr_1023_router | - | |
| cisco | asr_9000_rsp440_router | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7C321E-F083-4AB6-96A0-D6358980441E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4376E56-A21C-4642-A85D-439C8E21CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002_fixed_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAE214D-8DD8-4DA3-872A-609E7CE6E606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55DD2272-10C2-43B9-9F13-6DC41DBE179B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7428E0A8-1641-47FB-9CA9-34311DEF660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "854D9594-FE84-4E7B-BA21-A3287F2DC302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_1023_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399C03D1-C4B2-4DE6-9772-EC0BD88D7FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544."
},
{
"lang": "es",
"value": "Cisco IOS anterior a 15.1(1)SY en dispositivos ASR 1000, cuando seguimiento Multicast Listener Discovery (MLD) est\u00e1 habilitada para IPv6, permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de paquetes MLD manipulados, tambi\u00e9n conocido como Bug ID CSCtz28544."
}
],
"id": "CVE-2012-1366",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-23T11:52:59.010",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2488
Vulnerability from fkie_nvd - Published: 2012-05-31 10:17 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C513C0-97CB-4F5A-9942-5AF48742BDA9",
"versionEndIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39F8B336-0DFA-41CE-9EFF-89A09BBDC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1D1B60-C94F-44BF-8194-7758394E31C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E63681-C89F-4569-A52C-B870D48E436C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E593EF3-133A-4E15-9B86-6B451F5C0159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB49EB2-2D99-4C45-80B7-48299A1EBF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6ABB63-E2D2-42F7-B648-BF6002D1C05E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:crs_performance_route_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D383DA-04D7-4789-B7F7-B31FD645BA8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
},
{
"lang": "es",
"value": "Cisco IOS XR anteriores a v4.2.1 en dispositivos ASR series 900 y dispositivos CRS, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transmisi\u00f3n de paquetes cortados) a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocido como Bug IDs CSCty94537 y CSCtz62593."
}
],
"evaluatorImpact": "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr\r\n\r\n\u0027Affected Products\r\nThis vulnerability affects IOS XR Software version 4.2.0 running on the Cisco ASR 9000 Series RSP440. It also affects IOS XR Software versions 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0 running on the CRS Performance Route Processor.\u0027",
"id": "CVE-2012-2488",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-31T10:17:38.763",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/49329"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/53728"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1027104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027104"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-3396 (GCVE-0-2014-3396)
Vulnerability from cvelistv5 – Published: 2014-10-05 01:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-05T01:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3396",
"datePublished": "2014-10-05T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3335 (GCVE-0-2014-3335)
Vulnerability from cvelistv5 – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3335",
"datePublished": "2014-08-26T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3322 (GCVE-0-2014-3322)
Vulnerability from cvelistv5 – Published: 2014-07-24 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "60311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68833"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3322",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3321 (GCVE-0-2014-3321)
Vulnerability from cvelistv5 – Published: 2014-07-18 01:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3321",
"datePublished": "2014-07-18T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3308 (GCVE-0-2014-3308)
Vulnerability from cvelistv5 – Published: 2014-07-07 10:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3308",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1366 (GCVE-0-2012-1366)
Vulnerability from cvelistv5 – Published: 2014-04-23 10:00 – Updated: 2024-08-06 18:53
VLAI?
Summary
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T06:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-1366",
"datePublished": "2014-04-23T10:00:00",
"dateReserved": "2012-02-27T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2488 (GCVE-0-2012-2488)
Vulnerability from cvelistv5 – Published: 2012-05-31 10:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-18T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "49329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-2488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-2488",
"datePublished": "2012-05-31T10:00:00",
"dateReserved": "2012-05-07T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3396 (GCVE-0-2014-3396)
Vulnerability from nvd – Published: 2014-10-05 01:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-05T01:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3396",
"datePublished": "2014-10-05T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3335 (GCVE-0-2014-3335)
Vulnerability from nvd – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-cve20143335-dos(95443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
},
{
"name": "69383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69383"
},
{
"name": "60222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3335",
"datePublished": "2014-08-26T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3322 (GCVE-0-2014-3322)
Vulnerability from nvd – Published: 2014-07-24 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "60311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60311"
},
{
"name": "1030623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030623"
},
{
"name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322"
},
{
"name": "68833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68833"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3322",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3321 (GCVE-0-2014-3321)
Vulnerability from nvd – Published: 2014-07-18 01:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34936"
},
{
"name": "20140715 Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321"
},
{
"name": "1030597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3321",
"datePublished": "2014-07-18T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3308 (GCVE-0-2014-3308)
Vulnerability from nvd – Published: 2014-07-07 10:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34843"
},
{
"name": "68351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68351"
},
{
"name": "1030525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030525"
},
{
"name": "20140703 Cisco IOS XR Software Punt Policer Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3308"
},
{
"name": "58869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3308",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1366 (GCVE-0-2012-1366)
Vulnerability from nvd – Published: 2014-04-23 10:00 – Updated: 2024-08-06 18:53
VLAI?
Summary
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T06:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-1366",
"datePublished": "2014-04-23T10:00:00",
"dateReserved": "2012-02-27T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2488 (GCVE-0-2012-2488)
Vulnerability from nvd – Published: 2012-05-31 10:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-18T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "49329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-2488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49329"
},
{
"name": "1027104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027104"
},
{
"name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
},
{
"name": "53728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-2488",
"datePublished": "2012-05-31T10:00:00",
"dateReserved": "2012-05-07T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}