VYPR

IOS XR Software

by Cisco Systems, Inc.

CVEs (292)

  • CVE-2025-20137 | Med | May 7, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the…

  • CVE-2019-1758 | Med | Mar 28, 2019
    risk 0.31 | cvss 4.7 | epss 0.01

    A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An…

  • CVE-2023-20064 | Med | Mar 9, 2023
    risk 0.30 | cvss 4.6 | epss 0.00

    A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion…

  • CVE-2017-12289 | Med | Oct 19, 2017
    risk 0.29 | cvss 4.4 | epss 0.00

    A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec…

  • CVE-2025-20151 | Med | May 7, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to…

  • CVE-2022-20846 | Med | Nov 15, 2024
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer…

  • CVE-2024-20434 | Med | Sep 25, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker…

  • CVE-2024-20319 | Med | Mar 13, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This…

  • CVE-2023-20233 | Med | Sep 13, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid…

  • CVE-2020-3449 | Med | Aug 17, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting…

  • CVE-2018-0257 | Med | Apr 19, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the…

  • CVE-2017-12279 | Med | Nov 2, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The…

  • CVE-2017-12213 | Med | Sep 7, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the…

  • CVE-2025-20144 | Med | Mar 12, 2025
    risk 0.26 | cvss 4.0 | epss 0.00

    A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of…

  • CVE-2016-6450 | Low | Nov 19, 2016
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release…

  • CVE-2025-20352 | KEV | Sep 24, 2025
    risk 0.12 | cvss | epss 0.38

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device…

  • CVE-2025-20363 | Sep 25, 2025
    risk 0.01 | cvss | epss 0.08

    A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker…

  • CVE-2026-20113 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to…

  • CVE-2026-20114 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability…

  • CVE-2026-20083 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a…
