VYPR

IOS XR Software

by Cisco Systems, Inc.

CVEs (285)

  • CVE-2025-20181 | Med | May 7, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot…

  • CVE-2025-20177 | Med | Mar 12, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system…

  • CVE-2025-20143 | Med | Mar 12, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have…

  • CVE-2021-1440 | Med | Nov 18, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS)…

  • CVE-2024-20456 | Med | Jul 10, 2024
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have…

  • CVE-2024-20307 | Med | Mar 27, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1…

  • CVE-2023-20236 | Med | Sep 13, 2023
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this…

  • CVE-2023-20081 | Med | Mar 23, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

  • CVE-2022-20758 | Med | Apr 15, 2022
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect…

  • CVE-2021-34703 | Med | Sep 23, 2021
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2021-34722 | Med | Sep 9, 2021
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see…

  • CVE-2021-34721 | Med | Sep 9, 2021
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see…

  • CVE-2021-1244 | Med | Feb 4, 2021
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during…

  • CVE-2021-1136 | Med | Feb 4, 2021
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during…

  • CVE-2020-3210 | Med | Jun 3, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the…

  • CVE-2020-3208 | Med | Jun 3, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due…

  • CVE-2020-3204 | Med | Jun 3, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.…

  • CVE-2019-12709 | Med | Sep 25, 2019
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with…

  • CVE-2019-1909 | Med | Jul 6, 2019
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of…

  • CVE-2018-15428 | Med | Oct 5, 2018
    risk 0.44 | cvss 6.8 | epss 0.02

    A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update…

Page 9 of 15