Vulnerabilities > Cisco > IOS XE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-10 | CVE-2014-3405 | Security vulnerability in Cisco IOS XE Software Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. low complexity cisco | 4.8 |
| 2014-10-10 | CVE-2014-3404 | Cryptographic Issues vulnerability in Cisco IOS XE The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. | 4.3 |
| 2014-10-10 | CVE-2014-3403 | Cryptographic Issues vulnerability in Cisco IOS XE The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. | 5.0 |
| 2014-07-09 | CVE-2014-3309 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | 5.0 |
| 2014-06-14 | CVE-2014-3290 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE 3.12S The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | 4.8 |
| 2014-05-25 | CVE-2014-3284 | Improper Input Validation vulnerability in Cisco products Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | 6.1 |
| 2014-05-20 | CVE-2014-3269 | Improper Input Validation vulnerability in Cisco IOS XE 3.5E The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | 6.8 |
| 2014-05-16 | CVE-2014-3262 | Improper Input Validation vulnerability in Cisco IOS XE The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | 4.3 |
| 2014-04-29 | CVE-2014-2183 | Improper Input Validation vulnerability in Cisco products The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | 6.3 |
| 2014-04-24 | CVE-2012-5723 | Improper Input Validation vulnerability in Cisco products Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | 6.1 |