Published: 15/07/2016 Updated: 01/09/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Cisco IOS XR 5.x up to and including 5.2.5 on NCS 6000 devices allows remote malicious users to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios_xr 5.2.3
cisco ios_xr 5.2.4
cisco ios_xr 5.1.1
cisco ios_xr 5.1.0
cisco ios_xr 5.0_base
cisco ios_xr 5.0.1
cisco ios_xr 5.2.0
cisco ios_xr 5.1.3
cisco ios_xr 5.0.0
cisco ios_xr 5.2.5
cisco ios_xr 5.1.1.k9sec
cisco ios_xr 5.1.2
cisco ios_xr 5.2.2
cisco ios_xr 5.2.1

Cisco gives you two nasty bugs to fix before the weekend

The Register • Team Register • 15 Jul 2016

NCS 6000 and ASR 5000 routers need some lovin'

Cisco has patched two vulnerabilities, including a remote denial of service bug in its Network Convergence System routers. Attackers can send packets to TCP listening ports running SSH, secure copy protocol, and secure FTP that can overwhelm NCS 6000 routers and cause processors to reload. The Borg rates the vulnerability (CVE-2016-1426) as highly critical on account of it offering a method to remotely disrupt routers in certain configurations. "The vulnerability is due to improper management of...

CVE-2016-1426

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect