Product:

Ios_xr

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 171
Date Id Summary Products Score Patch Annotated
2019-05-13 CVE-2019-1649 A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the... 15454\-M\-Wse\-K9_firmware, Analog_voice_network_interface_modules_firmware, Asa_5500_firmware, Asr_1000_series_firmware, Asr_1001_firmware, Catalyst_9800\-40_wireless_controller_firmware, Catalyst_9800\-80_wireless_controller_firmware, Encs_5100_firmware, Encs_5400_firmware, Firepower_2100_firmware, Firepower_4000_firmware, Firepower_9000_firmware, Ic3000\-K9_firmware, Industrial_security_appliances_3000_firmware, Integrated_services_router_4200_firmware, Integrated_services_router_4300_firmware, Integrated_services_router_4400_firmware, Integrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmware, Ios, Ios_xe, Ios_xr, Ncs2k\-Mr\-Mxp\-K9_firmware, Nx\-Os, Ons_15454_mstp_firmware, Sm\-X\-1t3\/e3_firmware, Supervisor_a\+_firmware, Supervisor_b\+_firmware 6.7
2020-01-26 CVE-2019-16027 A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this... Ios_xr 6.5
2020-09-23 CVE-2019-16023 Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A... Ios_xr 7.5
2020-09-23 CVE-2019-16021 Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A... Ios_xr 7.5
2009-03-27 CVE-2009-0629 The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device... Ios, Ios_xr N/A
2009-03-27 CVE-2009-0637 The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. Ios, Ios_xr N/A
2019-08-07 CVE-2019-1918 A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be... Carrier_routing_system, Ios_xr 7.4
2019-04-17 CVE-2019-1686 A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this... Ios_xr 8.6
2019-11-26 CVE-2019-15998 A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to... Ios_xr 5.3
2018-05-02 CVE-2018-0286 A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the... Ios_xr N/A