VYPR

iOS Xr Software

by Cisco Systems, Inc.

CVEs (285)

  • CVE-2024-20322MedMar 13, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys…

  • CVE-2024-20315MedMar 13, 2024
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to…

  • CVE-2023-20191MedSep 13, 2023
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An…

  • CVE-2023-20190MedSep 13, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect…

  • CVE-2021-34737MedSep 9, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4…

  • CVE-2021-1377MedMar 24, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This…

  • CVE-2021-1389MedFeb 4, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The…

  • CVE-2020-3190MedMar 4, 2020
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec…

  • CVE-2019-1712MedApr 17, 2019
    risk 0.38cvss 5.8epss 0.03

    A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the…

  • CVE-2019-1757MedMar 28, 2019
    risk 0.38cvss 5.9epss 0.01

    A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation…

  • CVE-2018-0131MedAug 14, 2018
    risk 0.38cvss 5.9epss 0.02

    A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because…

  • CVE-2011-4667MedSep 25, 2017
    risk 0.38cvss 5.9epss 0.01

    The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN…

  • CVE-2016-6438MedOct 27, 2016
    risk 0.38cvss 5.9epss 0.01

    A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following…

  • CVE-2023-20135MedSep 13, 2023
    risk 0.37cvss 5.7epss 0.00

    A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install…

  • CVE-2024-20343MedSep 11, 2024
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to…

  • CVE-2021-34771MedSep 9, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could…

  • CVE-2021-1128MedFeb 4, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An…

  • CVE-2020-3477MedSep 24, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific…

  • CVE-2024-20266MedMar 13, 2024
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4…

  • CVE-2021-34705MedSep 23, 2021
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient…

Page 12 of 15