Vulnerabilities > Cisco > IOS XE > 2.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-08-29 | CVE-2015-6268 | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. | 7.8 |
| 2015-08-29 | CVE-2015-6267 | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. | 7.8 |
| 2015-08-01 | CVE-2015-4291 | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | 7.8 |
| 2015-07-30 | CVE-2015-4293 | Resource Management Errors vulnerability in Cisco IOS XE The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. | 5.0 |
| 2015-04-03 | CVE-2015-0685 | Improper Input Validation vulnerability in Cisco IOS XE Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. | 7.8 |
| 2014-11-07 | CVE-2014-7990 | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | 6.8 |
| 2014-10-25 | CVE-2014-3409 | Resource Management Errors vulnerability in Cisco IOS XE The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 6.1 |
| 2014-09-25 | CVE-2014-3354 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547. | 7.8 |
| 2014-04-29 | CVE-2014-2183 | Improper Input Validation vulnerability in Cisco products The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | 6.3 |
| 2014-04-24 | CVE-2012-5723 | Improper Input Validation vulnerability in Cisco products Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | 6.1 |