VYPR

IOS XR

by Cisco Systems, Inc.

CVEs (99)

  • CVE-2016-1366 | Med | Mar 24, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

  • CVE-2017-6666 | Med | Jun 13, 2017
    risk 0.39 | cvss 6.0 | epss 0.00

    A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting…

  • CVE-2017-12355 | Med | Nov 30, 2017
    risk 0.35 | cvss 5.3 | epss 0.03

    A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief…

  • CVE-2017-6599 | Med | Apr 7, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS)…

  • CVE-2016-6421 | Med | Oct 5, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

  • CVE-2016-1433 | Med | Sep 18, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.

  • CVE-2016-1376 | Med | Apr 12, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.

  • CVE-2016-1361 | Med | Mar 12, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID…

  • CVE-2007-4430 | Aug 20, 2007
    risk 0.04 | cvss | epss 0.13

    Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are…

  • CVE-2007-0480 | Jan 25, 2007
    risk 0.01 | cvss | epss 0.09

    Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.

  • CVE-2023-20191 | Sep 13, 2023
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An…

  • CVE-2023-20236 | Sep 13, 2023
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this…

  • CVE-2019-15998 | Nov 26, 2019
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a…

  • CVE-2019-1711 | Apr 17, 2019
    risk 0.00 | cvss | epss 0.02

    A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker…

  • CVE-2019-1686 | Apr 17, 2019
    risk 0.00 | cvss | epss 0.02

    A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is…

  • CVE-2015-6301 | Sep 20, 2015
    risk 0.00 | cvss | epss 0.02

    The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.

  • CVE-2015-6297 | Sep 18, 2015
    risk 0.00 | cvss | epss 0.02

    The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.

  • CVE-2015-4285 | Jul 23, 2015
    risk 0.00 | cvss | epss 0.02

    The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial…

  • CVE-2015-4284 | Jul 22, 2015
    risk 0.00 | cvss | epss 0.02

    The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

  • CVE-2015-4223 | Jun 25, 2015
    risk 0.00 | cvss | epss 0.02

    Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.
