VYPR

iOS Xr Software

by Cisco Systems, Inc.

CVEs (285)

  • CVE-2016-9199MedDec 14, 2016
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and…

  • CVE-2018-0160MedMar 28, 2018
    risk 0.41cvss 6.3epss 0.02

    A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a…

  • CVE-2025-20240MedSep 24, 2025
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device. This vulnerability is due to improper sanitization of user-supplied…

  • CVE-2022-20849MedNov 15, 2024
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not…

  • CVE-2023-20082MedMar 23, 2023
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of…

  • CVE-2020-3479MedSep 24, 2020
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

  • CVE-2018-0480MedOct 5, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and…

  • CVE-2018-0190MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2018-0188MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2018-0186MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2017-12304MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The…

  • CVE-2017-12272MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input…

  • CVE-2025-20248MedSep 10, 2025
    risk 0.39cvss 6.0epss 0.00

    A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have…

  • CVE-2021-34709MedSep 9, 2021
    risk 0.39cvss 6.0epss 0.00

    Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to…

  • CVE-2021-34708MedSep 9, 2021
    risk 0.39cvss 6.0epss 0.00

    Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to…

  • CVE-2020-3201MedJun 3, 2020
    risk 0.39cvss 6.0epss 0.00

    A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is…

  • CVE-2018-0476MedOct 5, 2018
    risk 0.39cvss 5.9epss 0.14

    A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper…

  • CVE-2025-20225MedAug 14, 2025
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger…

  • CVE-2025-20145MedMar 12, 2025
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are…

  • CVE-2024-20465MedSep 25, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect…

Page 11 of 15