Vulnerabilities > Cisco > IOS XR > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-09-20 CVE-2014-3378 Improper Input Validation vulnerability in Cisco IOS XR
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
network
low complexity
cisco CWE-20
5.0
5.0
2014-09-20 CVE-2014-3377 Improper Input Validation vulnerability in Cisco IOS XR
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
network
low complexity
cisco CWE-20
4.0
4.0
2014-09-20 CVE-2014-3376 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
network
low complexity
cisco CWE-20
5.0
5.0
2014-09-12 CVE-2014-3342 Information Disclosure vulnerability in Cisco IOS XR Software Command Line Interface (CLI)
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
network
low complexity
cisco
4.0
4.0
2014-09-10 CVE-2014-3343 Improper Input Validation vulnerability in Cisco IOS XR 5.1.0
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
network
cisco CWE-20
4.3
4.3
2014-08-26 CVE-2014-3335 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
high complexity
cisco CWE-20
4.6
4.6
2014-07-24 CVE-2014-3322 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
low complexity
cisco CWE-20
6.1
6.1
2014-07-18 CVE-2014-3321 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. 		5.7
5.7
2014-07-07 CVE-2014-3308 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
network
low complexity
cisco CWE-20
6.4
6.4
2014-05-20 CVE-2014-3271 Improper Input Validation vulnerability in Cisco IOS XR
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
network
low complexity
cisco CWE-20
5.0
5.0