Vulnerabilities > Cisco > IOS XE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-18 | CVE-2015-6294 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | 6.1 |
| 2015-07-30 | CVE-2015-4293 | Resource Management Errors vulnerability in Cisco IOS XE The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. | 5.0 |
| 2015-07-08 | CVE-2015-4243 | Resource Management Errors vulnerability in Cisco IOS XE 3.5.0S The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202. | 6.1 |
| 2015-04-29 | CVE-2015-0710 | Resource Management Errors vulnerability in Cisco IOS XE 3.10.0S/3.10S.01 The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. | 6.1 |
| 2015-04-29 | CVE-2015-0709 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. | 6.8 |
| 2015-04-29 | CVE-2015-0708 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. | 6.1 |
| 2015-03-06 | CVE-2015-0598 | Data Processing Errors vulnerability in Cisco IOS and IOS XE The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | 6.8 |
| 2015-02-27 | CVE-2015-0632 | Race Condition vulnerability in Cisco IOS and IOS XE Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | 5.7 |
| 2014-11-07 | CVE-2014-7990 | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | 6.8 |
| 2014-10-25 | CVE-2014-3409 | Resource Management Errors vulnerability in Cisco IOS XE The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 6.1 |