102 matches found
Cisco IOS XR NCS 6000 Packet Timer Leak DoS (cisco-sa-20160713-ncs6k)
The version of Cisco IOS XR running on the remote NCS 6000 device is affected by a denial of service vulnerability due to improper management of system timer resources. An unauthenticated, remote attacker can exploit this, via numerous management connections to the affected device, to consume...
Cisco IOS XR Software for NCS 6000 Series Devices OSPF Packet Processing Denial of Service Vulnerability
A vulnerability in the OSPFv3 processing of Cisco IOS XR Software for Cisco Network Convergence System NCS 6000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the OSPFv3 process and result in a limited denial of service DoS condition on an affected device. The...
CVE-2016-1426
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service timer consumption and Route Processor reload via crafted SSH traffic, aka Bug ID CSCux76819...
CVE-2016-1426
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service timer consumption and Route Processor reload via crafted SSH traffic, aka Bug ID CSCux76819...
Code injection
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service timer consumption and Route Processor reload via crafted SSH traffic, aka Bug ID CSCux76819...
CVE-2016-1426
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service timer consumption and Route Processor reload via crafted SSH traffic, aka Bug ID CSCux76819...
CVE-2016-1426
Cisco IOS XR 5.x–5.2.5 on NCS 6000 devices is affected by a denial of service vulnerability (CVE-2016-1426) due to improper management of system timer resources. A remote, unauthenticated attacker can trigger timer/resource exhaustion by establishing multiple SSH connections (and related manageme...
Cisco Patches DoS Flaw in NCS 6000 Routers
Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers. The flaw rests in the management of system timer resources and could allow an attacker to remotely crash the...
Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 NCS 6000 Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the...
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability (cisco-sa-20160323-ncs)
A vulnerability in the Secure Copy Protocol SCP and Secure FTP SFTP modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service DoS condition. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be...
Design/Logic Flaw
The Device Work Center DWC component in Cisco Prime Network Control System NCS 2.10.0.85, 2.20.0.58, and 2.20.0.69 does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371...
CVE-2015-0768
CVE-2015-0768 affects Cisco Prime Network Control System (NCS) Device Work Center (DWC) in NCS 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69). Root cause: improper implementation of AAA roles, allowing remote authenticated users to bypass access restrictions and execute commands via an active login se...
Cisco IOS XR NCS 6000 Multiple ntpd Vulnerabilities
The remote Cisco device is running a version of IOS XR software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation PRNG, the functions 'ntprandom' and and 'configauth', and the 'ntp-keygen' utility. A man-in-the-middle...
Cisco IPv6 Denial of Service Vulnerability
Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 NCS 6000 and Cisco Carrier...
Code injection
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System NCS 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X CRS-X devices allows remote attackers to cause a denial of service line-card reload via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241...
CVE-2015-0618
Cisco IOS XR DoS (CVE-2015-0618) affects IOS XR 5.0.1/5.2.1 on NCS 6000 and 5.1.3/5.1.4 on CRS-X. The issue arises from improper processing of malformed IPv6 packets with extension headers, allowing remote attackers to trigger a line-card reload and thus a denial of service. Evidence in multiple ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System NCS and Wireless Control System WCS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375...
CVE-2012-5990
Multiple cross-site scripting XSS vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System NCS and Wireless Control System WCS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375...
CVE-2012-5990
CVE-2012-5990 describes reflected XSS in the Health Monitor login pages of Cisco Prime NCS/WCS. Affected component: Health Monitor Login pages. Root cause: input validation error leading to reflection of HTML/script (CWE-79). Impact stated: attacker can execute arbitrary script in the user’s brow...
Cisco Prime Network Control System Version
The remote host is running Cisco Prime Network Control System NCS, a network management system. It is possible to get the Prime NCS version number via SSH or SNMP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66860; scriptversion"1.3"; scriptcvsdate"Date:...