Product:

Ios_xr

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 171
Date Id Summary Products Score Patch Annotated
2020-11-06 CVE-2020-3284 A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a... A99\-Rp2\-Se_firmware, A99\-Rp2\-Tr_firmware, A99\-Rp3\-Se_firmware, A99\-Rp3\-Tr_firmware, A99\-Rsp\-Se_firmware, A99\-Rsp\-Tr_firmware, A9k\-Rsp5\-Se_firmware, A9k\-Rsp5\-Tr_firmware, A9k\-Rsp880\-Lt\-Se_firmware, A9k\-Rsp880\-Lt\-Tr_firmware, A9k\-Rsp880\-Se_firmware, A9k\-Rsp880\-Tr_firmware, Asr\-9901\-Rp_firmware, Ios_xr, N540\-12z20g\-Sys\-A\/d_firmware, N540\-24z8q2c\-M_firmware, N540\-28z4c\-Sys\-A\/d_firmware, N540\-Acc\-Sys_firmware, N540x\-12z16g\-Sys\-A\/d_firmware, N540x\-16z4g8q2c\-A\/d_firmware, N560\-4\-Sys_firmware, N560\-7\-Sys_firmware, Nc55\-Rp\-E_firmware, Nc55\-Rp_firmware, Ncs1001_firmware, Ncs1002_firmware, Ncs1004_firmware, Ncs5001_firmware, Ncs5002_firmware, Ncs5011_firmware, Ncs55\-A1\-48q6h_firmware, Ncs\-5501\-Se_firmware, Ncs\-5501_firmware, Ncs\-5502\-Se_firmware, Ncs\-5502_firmware, Ncs\-55a1\-24h_firmware, Ncs\-55a1\-24q6h\-S_firmware, Ncs\-55a1\-36h\-S_firmware, Ncs\-55a1\-36h\-Se\-S_firmware, Ncs\-55a2\-Mod\-Hd\-S_firmware, Ncs\-55a2\-Mod\-Hx\-S_firmware, Ncs\-55a2\-Mod\-S_firmware, Ncs\-55a2\-Mod\-Se\-H\-S_firmware, Ncs\-55a2\-Mod\-Se\-S_firmware 9.8
2020-11-12 CVE-2020-26070 A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3... Ios_xr 8.6
2021-02-04 CVE-2021-1128 A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not... Ios_xr 5.5
2021-02-04 CVE-2021-1136 Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Ios_xr 6.7
2021-02-04 CVE-2021-1243 A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by... Ios_xr 7.5
2021-02-04 CVE-2021-1244 Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Ios_xr 6.7
2021-02-04 CVE-2021-1268 A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same... Ios_xr 6.5
2021-02-04 CVE-2021-1288 Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Ios_xr 7.5
2021-02-04 CVE-2021-1313 Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Ios_xr 7.5
2021-02-04 CVE-2021-1370 A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by... Ios_xr 7.8