VYPR

IOS XR Software

by Cisco Systems, Inc.

CVEs (285)

  • CVE-2020-3530 · Hig · Sep 4, 2020
    risk 0.55 · cvss 8.4 · epss 0.00

    A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected…

  • CVE-2025-20164 · Hig · May 7, 2025
    risk 0.54 · cvss 8.3 · epss 0.00

    A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker…

  • CVE-2025-20160 · Hig · Sep 24, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check…

  • CVE-2021-34718 · Hig · Sep 9, 2021
    risk 0.53 · cvss 8.1 · epss 0.02

    A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a…

  • CVE-2020-3257 · Hig · Jun 3, 2020
    risk 0.53 · cvss 8.1 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of…

  • CVE-2018-15372 · Hig · Oct 5, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3…

  • CVE-2018-0161 · Med · KEV · Mar 28, 2018
    risk 0.53 · cvss 6.3 · epss 0.05

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of…

  • CVE-2023-20186 · Hig · Sep 27, 2023
    risk 0.52 · cvss 8.0 · epss 0.01

    A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using…

  • CVE-2024-20320 · Hig · Mar 13, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This…

  • CVE-2021-34728 · Hig · Sep 9, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-34719 · Hig · Sep 9, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1370 · Hig · Feb 4, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this…

  • CVE-2020-3473 · Hig · Sep 4, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to…

  • CVE-2018-0194 · Hig · Apr 2, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device…

  • CVE-2018-0193 · Hig · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device…

  • CVE-2018-0185 · Hig · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device…

  • CVE-2018-0182 · Hig · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device…

  • CVE-2018-0179 · Med · KEV · Mar 28, 2018
    risk 0.51 · cvss 5.9 · epss 0.05

    Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…

  • CVE-2018-0176 · Hig · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to…

  • CVE-2018-0169 · Hig · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to…
