VARIoT IoT vulnerabilities database


VAR-201608-0437 No CVE Fortinet FortiVoice HTML Injection vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Fortinet FortiVoice is a complete business telephone system developed by Fortinet. Fortinet FortiVoice 5.0.4 and earlier versions have an HTML injection vulnerability that is caused by the program's insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker. This could lead to an attacker stealing cookie-based authentication. Fortinet FortiVoice is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Fortinet FortiVoice 5.0.4 and prior are vulnerable
VAR-201608-0420 No CVE RTSP unauthorized access CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Unauthorized RTSP access may allow unauthorized access to the RTSP video of cameras from Yushi, Hikvision, Dahua, Tiandiweiye, and others.
VAR-201608-0419 No CVE Yushi SD camera video stream unauthorized access CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Yushi SD camera video stream can be accessed without authorization
VAR-201609-0433 CVE-2016-4375 Multiple vulnerabilities in HPE Integrated Lights-Out product firmware that allow sensitive information to be obtained CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. The device may be put into a denial-of-service (DoS) state. HP Integrated Lights Out is prone to multiple unspecified security vulnerabilities. Limited information is currently available regarding these issues. We will update this BID as more information emerges. HPE Integrated Lights-Out (iLO) is an embedded server management technology of Hewlett Packard Enterprise (HPE), which uses an integrated remote management port to monitor and maintain the health of the server, remotely manage the server, etc. A security vulnerability exists in HPE iLO. A remote attacker could exploit this vulnerability to obtain sensitive information, modify data, or cause a denial of service. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05236950 Version: 1 HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerabilities could lead to multiple remote vulnerabilities. References: CVE-2016-4375 PSRT110038 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. iLO 3 version v1.88 or subsequent iLO 4 version v2.44 or subsequent iLO 4 version v2.32 for mRCA Moonshot cartridge or subsequent The updates are available at the following locations.
The updates for iLO 3 (v1.88) are available at the following locations: Online ROM Flash Component for Windows x86 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1539977532/v116232 https://www.hpe.com/global/swpublishing/MTX-3ef65d13406a41de97e6a75a3c Online ROM Flash Component for Windows x64 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1015659653/v116234 https://www.hpe.com/global/swpublishing/MTX-bb45e0682dd04f098ad89e189c Online ROM Flash Component for Linux ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p1573561412/v116231 https://www.hpe.com/global/swpublishing/MTX-4882dccaaa0d4fbcbd353033e6 Online ROM Flash Component for VMware ESXi ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p986822869/v116230 https://www.hpe.com/global/swpublishing/MTX-04b05621285145119cbaa69982 The updates for iLO 4 (v2.44) are available at the following locations: Online ROM Flash Component for Windows x64 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1382755333/v119759 Online ROM Flash Component for Windows x86 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1012384589/v119761 Online ROM Flash Component for Linux ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p192122427/v119757 Online ROM Flash Component for VMware ESXi ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p1892756734/v119758 The mRCA firmware is available in the Moonshot Component Pack 2016.07.0. The service pack is available at the following location: ftp://ftp.hp.com/pub/softlib2/software1/component-fw/p1800397686/v113113 HISTORY Version:1 (rev.1) - 12 August 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. 
For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
VAR-201608-0069 CVE-2016-5650 Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value. The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. The National Vulnerability Database (NVD) publishes this issue as CWE-284, and JVNVU#97004768 publishes it as CWE-636. CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html CWE-636: Not Failing Securely ('Failing Open') https://cwe.mitre.org/data/definitions/636.html By using a recognized SSID value, a third party may trigger a connection with an arbitrary access point. ZModo ZP-NE14-S DVR and ZModo ZP-IBH-13W are digital video recorders from ZModo, China. A security bypass vulnerability exists in ZModo ZP-NE14-S DVR and ZP-IBH-13W Cameras. ZModo ZP-NE14-S DVR and ZP-IBH-13W Cameras are prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
VAR-201608-0289 CVE-2016-4376 Vulnerability in FOS running on HPE StoreFabric B series storage switches that allows sensitive information to be obtained CVSS V2: 7.8
CVSS V3: 6.5
Severity: MEDIUM
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features. http://cwe.mitre.org/data/definitions/254.html Sensitive information may be obtained by a third party. HP StoreFabric B-series Switches is a series of switches from Hewlett Packard (HP). An unspecified information disclosure vulnerability exists in the HP StoreFabric B-series Switches 7.x release. A remote attacker could exploit this vulnerability to gain access to sensitive information. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236212 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05236212 Version: 1 HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: CVE-2016-4376 PSRT110173 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. StoreFabric B-series Switches FOS 7.x BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-4376 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c01345499 Hewlett Packard Enterprise thanks Daniel Compton of Info-Assure Ltd. for reporting this vulnerability to security-alert@hpe.com. RESOLUTION HPE has made the following firmware patch available to resolve the vulnerability in Store Fabric B-series switches.
The fix is available in HPE B-series FOS v7.4.1d and v8.0.1 To download the patch go to http://www.hpe.com/support Select "HPE Servers, Storage and Networking" under Product Support. Search for your HPE StoreFabric B-series switch model. Select "Get drivers, software & firmware" Click "Firmware" under OS Independent Downloads. To read the Brocade Release Notes , click the "Manuals" link under the Knowledge Base tab. To read the HPE Release Notes , click the "Release Notes" tab in the firmware download page. Also, in the "Manuals" section, see the Fabric OS Administrators Guide for a description of the process to verify the firmware download is complete. HISTORY Version:1 (rev.1) - 12 August 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201608-0116 CVE-2016-5081 Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Supplementary information: the CWE vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. http://cwe.mitre.org/data/definitions/798.html A third party may gain access through a TELNET session. ZModo ZP-NE14-S DVR and ZModo ZP-IBH-13W are digital video recorders from ZModo, China. A security bypass vulnerability exists in the ZModo ZP-NE14-S DVR and ZP-IBH-13W recorders, which originates from the program's use of hard-coded credentials. ZModo ZP-NE14-S DVR and ZP-IBH-13W Cameras are prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
VAR-201611-0264 CVE-2016-5852 Malicious code execution vulnerability in GFE GameStream and NVTray Plugin of multiple NVIDIA products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. Supplementary information: the CWE vulnerability type has been identified as CWE-428: Unquoted Search Path or Element. https://cwe.mitre.org/data/definitions/428.html Malicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition.
VAR-201611-0008 CVE-2016-5025 Denial-of-service (DoS) vulnerability in the Windows GPU display drivers of multiple NVIDIA products CVSS V2: 6.1
CVSS V3: 6.6
Severity: MEDIUM
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
VAR-201611-0006 CVE-2016-4960 Elevation of privilege vulnerability in the NVStreamKMS.sys service component of multiple NVIDIA products CVSS V2: 6.9
CVSS V3: 7.3
Severity: HIGH
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
VAR-201611-0007 CVE-2016-4961 Denial-of-service (DoS) vulnerability in the Windows GPU display drivers of multiple NVIDIA products CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
VAR-201608-0068 CVE-2016-5645 Rockwell Automation MicroLogix Remote elevation of privilege vulnerability CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may load an arbitrary firmware update by using the SNMP community information. Rockwell Automation MicroLogix 1400 1766-L32BXBA and others are programmable logic controllers (PLCs) from Rockwell Automation. A remote privilege escalation vulnerability exists in the Rockwell Automation MicroLogix 1400. An attacker could exploit the vulnerability to gain elevated privileges and perform unauthorized actions.
VAR-201611-0178 CVE-2016-3161 Malicious code execution vulnerability in GFE GameStream and NVTray Plugin of multiple NVIDIA products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. Supplementary information: the CWE vulnerability type has been identified as CWE-428: Unquoted Search Path or Element. https://cwe.mitre.org/data/definitions/428.html Malicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition.
VAR-201608-0074 CVE-2016-5681 D-Link routers contain buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: 9.8
Severity: CRITICAL
Multiple router products offered by D-Link have a stack-based buffer overflow vulnerability. Stack-based buffer overflow (CWE-121) - CVE-2016-5681: a function in the cgibin program contains a stack-based buffer overflow in its validation of the session cookie. This function is also used by the service that listens on 8181/tcp on the WAN-side interface. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.html Arbitrary code could be executed by processing a crafted request. D-Link DIR-895L is a wireless router from D-Link. The following products and versions are affected: D-Link DIR-850L B1 version 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx versions prior to 2.05b03beta03, DIR-822 C1 version 3.01 before 3.01WWb02, DIR-823 A1 version 1.00 before 1.00WWb05, DIR-895L A1 version 1.11 before 1.11WWb04, DIR-890L A1 version 1.09 before 1.09b14, DIR-885L A1 version 1.11 before 1.11WWb07, DIR-880L A1 version 1.07 before 1.07WWb08, DIR-868L B1 version 2.03 before 2.03WWb01, and DIR-868L C1 version 3.00 before 3.00WWb01.
VAR-201608-0527 No CVE SAP NetWeaver AS ABAP Directory Traversal Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver AS ABAP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
VAR-201609-0171 CVE-2016-6670 Private key disclosure vulnerability in the software of multiple Huawei devices CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. Huawei S7700 is an intelligent routing switch from Huawei of China. An insecure random number generation vulnerability exists in several Huawei products. The following products and versions are affected: Huawei S7700, S9300, S9700, and S12700 versions earlier than V200R008C00SPC500.
VAR-201611-0385 CVE-2016-9563 XML external entity attack vulnerability in BC-BMT-BPM-DSK of SAP NetWeaver AS JAVA CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. The vendor has confirmed this vulnerability and released it as SAP Security Note 2296909. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. An attacker can exploit this issue to cause a denial of service condition.
VAR-201609-0170 CVE-2016-6669 Buffer overflow vulnerability in the AAA module of the software of multiple Huawei USG products CVSS V2: 7.1
CVSS V3: 7.5
Severity: HIGH
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Huawei USG2100 and others are the unified security gateway products of China Huawei (Huawei). Authentication, Authorization and Accounting (AAA) is one of the modules used to deal with computer resources and user requirements and provide authentication and authorization for enterprises. The AAA module in several Huawei products has a buffer overflow vulnerability. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200 V300R001C00, V300R001C10; USG5100 V300R001C00, V300R001C10; USG5500 V300R001C00, V1C10R00
VAR-201608-0272 CVE-2016-5736 Vulnerability in the default configuration of the IPsec IKE peer listener in multiple F5 products that allows IKE Phase 1 negotiation CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may establish an IKE Phase 1 negotiation and conduct a brute-force attack against Phase 2 negotiations. Multiple F5 BIG-IP Products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States.
The following products and versions are affected: F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 prior to HF16, 11.4.x prior to HF16, 11.5.x prior to 11.5.4 HF2, 11.6.x releases prior to 11.6.1, and 12.x releases prior to 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x releases, 11.5.x releases prior to 11.5.4 HF2, 11.6.x releases prior to 11.6.1, and 12.x prior to 12.0.0 HF2; BIG-IP DNS 12.x prior to 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 prior to HF16; BIG-IP GTM 11.2.1 releases prior to HF16, 11.4.x, 11.5.x releases prior to 11.5.4 HF2, and 11.6.x releases prior to 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 releases.
VAR-201608-0219 CVE-2016-6355 Denial-of-service (DoS) vulnerability in Cisco IOS XR running on Cisco ASR 9001 devices CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. The vendor has published this vulnerability as Bug ID CSCux26791. A third party may cause a denial of service (control-plane protocol outage) via a specially crafted fragmented packet. Cisco IOS XR Software is a fully modular, distributed network operating system from Cisco's IOS software family, which includes IOS T, IOS S, and IOS XR. A remote denial of service vulnerability exists in Cisco IOS XR Software Releases 5.1.x, 5.2.x, and 5.3.x. An attacker could exploit the vulnerability to compromise memory on the affected router, causing a denial of service. This issue is being tracked by Cisco Bug ID CSCux26791.