Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CiscoIos Xr*

85 matches found

CVE
CVEadded 2021/09/09 5:15 a.m.49 views

CVE-2021-34737

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly ...

7.5CVSS6.5AI score0.00419EPSS
CVE
CVEadded 2014/07/07 11:1 a.m.48 views

CVE-2014-3308

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.

6.4CVSS6.9AI score0.01418EPSS
CVE
CVEadded 2014/07/18 1:0 a.m.48 views

CVE-2014-3321

Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.

5.7CVSS6.8AI score0.00332EPSS
CVE
CVEadded 2019/04/17 10:29 p.m.48 views

CVE-2019-1686

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect pro...

8.6CVSS6.5AI score0.00179EPSS
CVE
CVEadded 2019/04/17 10:29 p.m.48 views

CVE-2019-1710

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

9.8CVSS9.4AI score0.02197EPSS
CVE
CVEadded 2021/02/04 5:15 p.m.48 views

CVE-2021-1244

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on...

6.7CVSS6.7AI score0.00023EPSS
CVE
CVEadded 2021/02/04 5:15 p.m.48 views

CVE-2021-1288

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

8.6CVSS8.1AI score0.00596EPSS
CVE
CVEadded 2021/02/04 5:15 p.m.47 views

CVE-2021-1128

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit th...

5.5CVSS5.4AI score0.00071EPSS
CVE
CVEadded 2012/05/31 10:17 a.m.46 views

CVE-2012-2488

Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

7.8CVSS6.8AI score0.00441EPSS
CVE
CVEadded 2020/08/17 6:15 p.m.46 views

CVE-2020-3449

A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of servic...

4.3CVSS4.8AI score0.0035EPSS
CVE
CVEadded 2021/02/04 5:15 p.m.46 views

CVE-2021-1136

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on...

6.7CVSS6.7AI score0.00023EPSS
CVE
CVEadded 2024/09/11 5:15 p.m.45 views

CVE-2024-20390

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...

5.3CVSS5.4AI score0.00224EPSS
CVE
CVEadded 2014/04/05 4:1 a.m.44 views

CVE-2014-2144

Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

6.1CVSS6.8AI score0.00138EPSS
CVE
CVEadded 2007/08/20 7:17 p.m.43 views

CVE-2007-4430

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environment...

5CVSS6.7AI score0.12805EPSS
CVE
CVEadded 2013/05/23 1:36 p.m.43 views

CVE-2013-1204

Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.

5CVSS6.8AI score0.00658EPSS
CVE
CVEadded 2020/09/04 3:15 a.m.43 views

CVE-2020-3530

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerabi...

8.4CVSS8.4AI score0.0003EPSS
CVE
CVEadded 2013/09/27 8:55 p.m.42 views

CVE-2013-5498

The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.

5CVSS6.8AI score0.01289EPSS
CVE
CVEadded 2014/07/24 2:55 p.m.42 views

CVE-2014-3322

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.

6.1CVSS7AI score0.0067EPSS
CVE
CVEadded 2013/04/29 12:20 p.m.41 views

CVE-2013-1216

Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.

4CVSS6.4AI score0.00413EPSS
CVE
CVEadded 2014/11/25 5:59 p.m.41 views

CVE-2014-8004

Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.

5CVSS6.8AI score0.00865EPSS
CVE
CVEadded 2013/08/30 1:55 a.m.40 views

CVE-2013-3470

The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.

5CVSS6.7AI score0.01565EPSS
CVE
CVEadded 2013/11/29 4:33 a.m.40 views

CVE-2013-6700

The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

5CVSS6.8AI score0.00658EPSS
CVE
CVEadded 2014/05/20 11:13 a.m.40 views

CVE-2014-3270

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.

5CVSS6.8AI score0.0098EPSS
CVE
CVEadded 2009/08/21 5:30 p.m.39 views

CVE-2009-2056

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.

3.3CVSS6.3AI score0.00474EPSS
CVE
CVEadded 2014/05/20 11:13 a.m.39 views

CVE-2014-3271

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.

5CVSS6.8AI score0.0098EPSS
CVE
CVEadded 2014/08/26 10:55 a.m.39 views

CVE-2014-3335

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.

4.6CVSS6.9AI score0.00679EPSS
CVE
CVEadded 2014/12/18 4:59 p.m.39 views

CVE-2014-8014

Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

5CVSS6.8AI score0.00766EPSS
CVE
CVEadded 2015/03/06 3:0 a.m.38 views

CVE-2015-0657

Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.

5CVSS6.8AI score0.00766EPSS
CVE
CVEadded 2014/09/04 10:55 a.m.36 views

CVE-2014-3353

Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

7.1CVSS6.8AI score0.025EPSS
CVE
CVEadded 2019/09/25 9:15 p.m.36 views

CVE-2019-12709

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...

7.2CVSS6.8AI score0.00045EPSS
CVE
CVEadded 2014/11/26 2:59 a.m.35 views

CVE-2014-8005

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

5CVSS6.9AI score0.00659EPSS
CVE
CVEadded 2013/05/03 11:57 a.m.34 views

CVE-2013-1234

The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.

4CVSS6.4AI score0.00413EPSS
CVE
CVEadded 2014/10/05 1:55 a.m.31 views

CVE-2014-3396

Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.

7.5CVSS7.1AI score0.00322EPSS
CVE
CVEadded 2015/03/06 3:0 a.m.31 views

CVE-2015-0661

The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.

4CVSS6.4AI score0.00481EPSS
CVE
CVEadded 2013/03/26 3:42 a.m.29 views

CVE-2013-1162

The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.

5CVSS6.8AI score0.00658EPSS
Total number of security vulnerabilities85