Ios Xr@* Security Vulnerabilities and Issues — Ios Xr@* CVE List

Lucene search

CiscoIos Xr*

8 matches found

CVE•added 2023/10/10 2:15 p.m.•4418 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS

CVE•added 2023/03/09 10:15 p.m.•83 views

CVE-2023-20064

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary comman...

4.6CVSS4.8AI score0.00087EPSS

CVE•added 2023/03/09 10:15 p.m.•76 views

CVE-2023-20049

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote a...

8.6CVSS7.7AI score0.01259EPSS

CVE•added 2023/09/13 5:15 p.m.•71 views

CVE-2023-20135

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO imag...

7CVSS7AI score0.00017EPSS

CVE•added 2023/09/13 5:15 p.m.•65 views

CVE-2023-20233

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCM...

6.5CVSS6.5AI score0.00149EPSS

CVE•added 2023/09/13 5:15 p.m.•60 views

CVE-2023-20190

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range ...

5.8CVSS5.3AI score0.00059EPSS

CVE•added 2023/09/13 5:15 p.m.•56 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating t...

7.8CVSS7.4AI score0.00015EPSS

CVE•added 2023/09/13 5:15 p.m.•54 views

CVE-2023-20191

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit th...

7.5CVSS7.6AI score0.00054EPSS