Vulnerabilities > Cisco > IOS XE > 3.7.5s

DATE CVE VULNERABILITY TITLE RISK
2016-10-05 CVE-2016-6386 Resource Management Errors vulnerability in Cisco products
Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005.
network
low complexity
cisco CWE-399
7.8
7.8
2016-10-05 CVE-2016-6384 Improper Input Validation vulnerability in Cisco IOS XE
Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.
network
low complexity
cisco CWE-20
7.8
7.8
2016-10-05 CVE-2016-6381 Resource Management Errors vulnerability in Cisco IOS
Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382.
network
cisco CWE-399
7.1
7.1
2016-05-29 CVE-2016-1409 Improper Input Validation vulnerability in Cisco IOS
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.
network
low complexity
cisco CWE-20
5.0
5.0
2016-04-20 CVE-2016-1384 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE
The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.
network
low complexity
cisco CWE-264
5.0
5.0
2014-04-29 CVE-2014-2183 Improper Input Validation vulnerability in Cisco products
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
network
cisco CWE-20
6.3
6.3
2014-04-24 CVE-2012-5723 Improper Input Validation vulnerability in Cisco products
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.
low complexity
cisco CWE-20
6.1
6.1