VYPR

IOS XR

by Cisco Systems, Inc.

CVEs (99)

  • CVE-2016-6415 | High | KEV | Sep 19, 2016
    risk 0.71 | cvss 7.5 | epss 0.88

    The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA)…

  • CVE-2023-44487 | High | KEV | Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2018-0175 | High | KEV | Mar 28, 2018
    risk 0.64 | cvss 8.0 | epss 0.04

    Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with…

  • CVE-2010-3035 | High | KEV | Aug 30, 2010
    risk 0.61 | cvss 7.5 | epss 0.06

    Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with…

  • CVE-2016-9215 | High | Dec 14, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.

  • CVE-2016-6428 | High | Oct 6, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

  • CVE-2016-1456 | High | Jul 15, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.

  • CVE-2009-2055 | Medium | KEV | Aug 19, 2009
    risk 0.51 | cvss 5.9 | epss 0.03

    Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

  • CVE-2017-12270 | High | Oct 5, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the…

  • CVE-2017-6731 | High | Jul 10, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP…

  • CVE-2017-3876 | High | May 16, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker…

  • CVE-2016-9205 | High | Dec 14, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known…

  • CVE-2016-6355 | High | Aug 23, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.

  • CVE-2016-1426 | High | Jul 15, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

  • CVE-2016-1409 | High | May 29, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…

  • CVE-2016-1407 | High | May 25, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

  • CVE-2015-6432 | High | Jan 5, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted…

  • CVE-2017-6728 | High | Jul 10, 2017
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE.…

  • CVE-2017-6719 | Medium | Jul 4, 2017
    risk 0.44 | cvss 6.7 | epss 0.01

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed…

  • CVE-2017-6718 | Medium | Jul 4, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT.
