Cisco Cisco Ios Xr Software
107 CVEs affecting Cisco Cisco Ios Xr Software. Latest disclosed: 2026-03-11. Critical: 2, High: 55.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-1710 | Critical | 9.8 | 2019-04-17 | A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an… |
CVE-2025-20363 | Critical | 9.0 | 2025-09-25 | A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, C… |
CVE-2026-20046 | High | 8.8 | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges… |
CVE-2026-20040 | High | 8.8 | 2026-03-11 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operat… |
CVE-2025-20138 | High | 8.8 | 2025-03-12 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operat… |
CVE-2022-20655 | High | 8.8 | 2024-11-15 | A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection… |
CVE-2024-20381 | High | 8.8 | 2024-09-11 | A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interface… |
CVE-2024-20398 | High | 8.8 | 2024-09-11 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying oper… |
CVE-2020-3217 | High | 8.8 | 2020-06-03 | A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Ci… |
CVE-2020-3118 | High | 8.8 | 2020-02-05 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary… |
CVE-2025-20154 | High | 8.6 | 2025-05-07 | A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticate… |
CVE-2025-20146 | High | 8.6 | 2025-03-12 | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Perform… |
CVE-2025-20142 | High | 8.6 | 2025-03-12 | A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Ag… |
CVE-2025-20115 | High | 8.6 | 2025-03-12 | A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote atta… |
CVE-2024-20304 | High | 8.6 | 2024-09-11 | A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the… |
CVE-2023-20049 | High | 8.6 | 2023-03-09 | A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Service… |
CVE-2022-20714 | High | 8.6 | 2022-04-15 | A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated… |
CVE-2021-34720 | High | 8.6 | 2021-09-09 | A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could a… |
CVE-2021-1313 | High | 8.6 | 2021-02-04 | Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial o… |
CVE-2021-1288 | High | 8.6 | 2021-02-04 | Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial o… |