iOS Xr
CVEs (99)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4205 | 0.00 | — | 0.01 | Jun 23, 2015 | Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. | |||
| CVE-2015-4195 | 0.00 | — | 0.02 | Jun 19, 2015 | Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. | |||
| CVE-2015-4191 | 0.00 | — | 0.03 | Jun 19, 2015 | Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. | |||
| CVE-2015-0776 | 0.00 | — | 0.01 | Jun 12, 2015 | telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. | |||
| CVE-2015-0769 | 0.00 | — | 0.02 | Jun 12, 2015 | Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546. | |||
| CVE-2015-0695 | 0.00 | — | 0.03 | Apr 17, 2015 | Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering… | |||
| CVE-2015-0694 | 0.00 | — | 0.02 | Apr 11, 2015 | Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug… | |||
| CVE-2015-0672 | 0.00 | — | 0.02 | Mar 26, 2015 | The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | |||
| CVE-2015-0661 | 0.00 | — | 0.01 | Mar 6, 2015 | The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | |||
| CVE-2015-0657 | 0.00 | — | 0.01 | Mar 6, 2015 | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | |||
| CVE-2015-0618 | 0.00 | — | 0.02 | Feb 21, 2015 | Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID… | |||
| CVE-2014-8014 | 0.00 | — | 0.01 | Dec 18, 2014 | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | |||
| CVE-2014-8005 | 0.00 | — | 0.01 | Nov 26, 2014 | Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | |||
| CVE-2014-8004 | 0.00 | — | 0.02 | Nov 25, 2014 | Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | |||
| CVE-2014-3396 | 0.00 | — | 0.01 | Oct 5, 2014 | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | |||
| CVE-2014-3379 | 0.00 | — | 0.01 | Sep 20, 2014 | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. | |||
| CVE-2014-3378 | 0.00 | — | 0.02 | Sep 20, 2014 | tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||
| CVE-2014-3377 | 0.00 | — | 0.01 | Sep 20, 2014 | snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||
| CVE-2014-3376 | 0.00 | — | 0.02 | Sep 20, 2014 | Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||
| CVE-2014-3342 | 0.00 | — | 0.01 | Sep 12, 2014 | The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. |
- CVE-2015-4205Jun 23, 2015risk 0.00cvss —epss 0.01
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.
- CVE-2015-4195Jun 19, 2015risk 0.00cvss —epss 0.02
Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.
- CVE-2015-4191Jun 19, 2015risk 0.00cvss —epss 0.03
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
- CVE-2015-0776Jun 12, 2015risk 0.00cvss —epss 0.01
telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.
- CVE-2015-0769Jun 12, 2015risk 0.00cvss —epss 0.02
Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546.
- CVE-2015-0695Apr 17, 2015risk 0.00cvss —epss 0.03
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering…
- CVE-2015-0694Apr 11, 2015risk 0.00cvss —epss 0.02
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug…
- CVE-2015-0672Mar 26, 2015risk 0.00cvss —epss 0.02
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
- CVE-2015-0661Mar 6, 2015risk 0.00cvss —epss 0.01
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.
- CVE-2015-0657Mar 6, 2015risk 0.00cvss —epss 0.01
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
- CVE-2015-0618Feb 21, 2015risk 0.00cvss —epss 0.02
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID…
- CVE-2014-8014Dec 18, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.
- CVE-2014-8005Nov 26, 2014risk 0.00cvss —epss 0.01
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
- CVE-2014-8004Nov 25, 2014risk 0.00cvss —epss 0.02
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
- CVE-2014-3396Oct 5, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
- CVE-2014-3379Sep 20, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.
- CVE-2014-3378Sep 20, 2014risk 0.00cvss —epss 0.02
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
- CVE-2014-3377Sep 20, 2014risk 0.00cvss —epss 0.01
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
- CVE-2014-3376Sep 20, 2014risk 0.00cvss —epss 0.02
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
- CVE-2014-3342Sep 12, 2014risk 0.00cvss —epss 0.01
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
Page 3 of 5