Ios Xr@7.9.2 Security Vulnerabilities and Issues — Ios Xr@7.9.2 CVE List

Lucene search

CiscoIos Xr7.9.2

15 matches found

CVE•added 2024/09/11 5:15 p.m.•110 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the con...

8.8CVSS8.6AI score0.00236EPSS

CVE•added 2024/09/11 5:15 p.m.•85 views

CVE-2024-20304

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An atta...

8.6CVSS8AI score0.00096EPSS

CVE•added 2024/03/13 5:15 p.m.•76 views

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insuf...

7.8CVSS7.5AI score0.00047EPSS

CVE•added 2024/09/11 5:15 p.m.•75 views

CVE-2024-20398

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI c...

8.8CVSS8.1AI score0.00243EPSS

CVE•added 2025/03/12 4:15 p.m.•70 views

CVE-2025-20115

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with...

8.6CVSS7.6AI score0.00527EPSS

CVE•added 2025/03/12 4:15 p.m.•59 views

CVE-2025-20145

A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress int...

5.8CVSS7.1AI score0.00051EPSS

CVE•added 2025/05/07 6:15 p.m.•59 views

CVE-2025-20154

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this...

8.6CVSS8.5AI score0.00233EPSS

CVE•added 2024/03/13 5:15 p.m.•54 views

CVE-2024-20319

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect ...

4.3CVSS4.8AI score0.00018EPSS

CVE•added 2025/03/12 4:15 p.m.•54 views

CVE-2025-20209

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An...

7.5CVSS7.4AI score0.00143EPSS

CVE•added 2024/09/11 5:15 p.m.•53 views

CVE-2024-20317

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. Thi...

7.4CVSS7.5AI score0.00087EPSS

CVE•added 2025/03/12 4:15 p.m.•53 views

CVE-2025-20142

A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthen...

8.6CVSS7.5AI score0.00163EPSS

CVE•added 2024/09/11 5:15 p.m.•49 views

CVE-2024-20343

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the ar...

5.5CVSS5.2AI score0.00097EPSS

CVE•added 2025/03/12 4:15 p.m.•49 views

CVE-2025-20144

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. ...

5.8CVSS7.3AI score0.00037EPSS

CVE•added 2025/03/12 4:15 p.m.•47 views

CVE-2025-20141

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is...

7.4CVSS7.2AI score0.00043EPSS

CVE•added 2025/02/05 5:15 p.m.•41 views

CVE-2025-20172

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker co...

7.7CVSS7.1AI score0.00092EPSS