iOS Xr Software
CVEs (285)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34713 | Hig | 0.48 | 7.4 | 0.00 | Sep 9, 2021 | A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of… | ||
| CVE-2021-1268 | Hig | 0.48 | 7.4 | 0.01 | Feb 4, 2021 | A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software… | ||
| CVE-2020-3512 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition.… | ||
| CVE-2020-3511 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input… | ||
| CVE-2020-3409 | Hig | 0.48 | 7.4 | 0.01 | Sep 24, 2020 | A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to… | ||
| CVE-2019-1918 | Hig | 0.48 | 7.4 | 0.01 | Aug 7, 2019 | A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS)… | ||
| CVE-2019-1910 | Hig | 0.48 | 7.4 | 0.00 | Aug 7, 2019 | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service… | ||
| CVE-2019-1849 | Hig | 0.48 | 7.4 | 0.01 | May 16, 2019 | A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The… | ||
| CVE-2019-1846 | Hig | 0.48 | 7.4 | 0.01 | May 16, 2019 | A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of… | ||
| CVE-2019-1748 | Hig | 0.48 | 7.4 | 0.01 | Mar 28, 2019 | A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently… | ||
| CVE-2019-1746 | Hig | 0.48 | 7.4 | 0.01 | Mar 28, 2019 | A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to… | ||
| CVE-2018-15373 | Hig | 0.48 | 7.4 | 0.01 | Oct 5, 2018 | A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The… | ||
| CVE-2018-0475 | Hig | 0.48 | 7.4 | 0.01 | Oct 5, 2018 | A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input… | ||
| CVE-2018-0471 | Hig | 0.48 | 7.4 | 0.01 | Oct 5, 2018 | A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect… | ||
| CVE-2018-0241 | Hig | 0.48 | 7.4 | 0.01 | Apr 19, 2018 | A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that… | ||
| CVE-2018-0165 | Hig | 0.48 | 7.4 | 0.01 | Mar 28, 2018 | A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory… | ||
| CVE-2016-6474 | Hig | 0.48 | 7.3 | 0.01 | Dec 14, 2016 | A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases:… | ||
| CVE-2024-20483 | Hig | 0.47 | 7.2 | 0.01 | Sep 11, 2024 | Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the… | ||
| CVE-2025-20314 | Med | 0.44 | 6.7 | 0.00 | Sep 24, 2025 | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is… | ||
| CVE-2025-20313 | Med | 0.44 | 6.7 | 0.00 | Sep 24, 2025 | Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These… |
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition.…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory…
- risk 0.48cvss 7.3epss 0.01
A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases:…
- risk 0.47cvss 7.2epss 0.01
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is…
- risk 0.44cvss 6.7epss 0.00
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These…
Page 8 of 15