Cisco Asr_9902
21 CVEs affecting Cisco Asr_9902. Latest disclosed: 2025-03-12. Critical: 1, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-12240 | Critical | 9.8 | 2017-09-29 | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker… |
CVE-2025-20146 | High | 8.6 | 2025-03-12 | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Perform… |
CVE-2025-20142 | High | 8.6 | 2025-03-12 | A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Ag… |
CVE-2023-20049 | High | 8.6 | 2023-03-09 | A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Service… |
CVE-2022-20714 | High | 8.6 | 2022-04-15 | A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated… |
CVE-2021-34720 | High | 8.6 | 2021-09-09 | A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could a… |
CVE-2021-34718 | High | 8.1 | 2021-09-09 | A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the l… |
CVE-2023-20065 | High | 7.8 | 2023-03-23 | A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to r… |
CVE-2021-34728 | High | 7.8 | 2021-09-09 | Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges o… |
CVE-2021-34719 | High | 7.8 | 2021-09-09 | Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges o… |
CVE-2017-12231 | High | 7.5 | 2017-09-29 | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote… |
CVE-2024-20327 | High | 7.4 | 2024-03-13 | A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allo… |
CVE-2021-34713 | High | 7.4 | 2021-09-09 | A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated… |
CVE-2023-20236 | Medium | 6.7 | 2023-09-13 | A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an a… |
CVE-2021-34722 | Medium | 6.7 | 2021-09-09 | Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an aff… |
CVE-2021-34721 | Medium | 6.7 | 2021-09-09 | Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an aff… |
CVE-2023-20066 | Medium | 6.5 | 2023-03-23 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that… |
CVE-2022-20849 | Medium | 6.1 | 2024-11-15 | A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attac… |
CVE-2021-34737 | Medium | 5.8 | 2021-09-09 | A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of th… |
CVE-2022-20677 | Medium | 5.5 | 2022-04-15 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into… |