Vulnerabilities > Cisco > IOS XR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.8 |
| 2016-03-12 | CVE-2016-1361 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | 4.6 |
| 2016-01-05 | CVE-2015-6432 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | 5.0 |
| 2015-09-20 | CVE-2015-6301 | Resource Management Errors vulnerability in Cisco products The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | 5.0 |
| 2015-09-18 | CVE-2015-6297 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.0Base The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | 5.0 |
| 2015-07-23 | CVE-2015-4285 | Resource Management Errors vulnerability in Cisco IOS XR The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | 5.0 |
| 2015-07-22 | CVE-2015-4284 | Improper Input Validation vulnerability in Cisco IOS XR 5.3.0 The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | 5.0 |
| 2015-06-25 | CVE-2015-4223 | Resource Management Errors vulnerability in Cisco IOS XR 5.1.3 Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. | 5.0 |
| 2015-06-23 | CVE-2015-4205 | Resource Management Errors vulnerability in Cisco IOS XR 5.3.1 Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. | 5.7 |
| 2015-06-19 | CVE-2015-4195 | Resource Management Errors vulnerability in Cisco IOS XR 5.1.1.K9Sec Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. | 4.0 |