VYPR

IOS XR Software

by Cisco Systems, Inc.

CVEs (292)

  • CVE-2025-20138 | High | Mar 12, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are…

  • CVE-2024-20398 | High | Sep 11, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are…

  • CVE-2024-20381 | High | Sep 11, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote…

  • CVE-2023-20231 | High | Sep 27, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending…

  • CVE-2020-3234 | High | Jun 3, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to…

  • CVE-2020-3217 | High | Jun 3, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of…

  • CVE-2020-3205 | High | Jun 3, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute…

  • CVE-2020-3199 | High | Jun 3, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of…

  • CVE-2019-12648 | High | Sep 25, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access…

  • CVE-2018-0195 | High | Mar 28, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests…

  • CVE-2018-0152 | High | Mar 28, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each…

  • CVE-2017-12230 | High | Sep 29, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using…

  • CVE-2017-12226 | High | Sep 29, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated,…

  • CVE-2025-20253 | High | Aug 14, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the…

  • CVE-2025-20239 | High | Aug 14, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger…

  • CVE-2025-20182 | High | May 7, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to…

  • CVE-2025-20154 | High | May 7, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco…

  • CVE-2025-20146 | High | Mar 12, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a…

  • CVE-2025-20142 | High | Mar 12, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers…

  • CVE-2025-20115 | High | Mar 12, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when…
