Cisco Ios_xr
78 CVEs affecting Cisco Ios_xr. Latest disclosed: 2023-10-10. Critical: 0, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-9215 | High | 7.8 | 2016-12-14 | A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Inform… |
| CVE-2016-6428 | High | 7.8 | 2016-10-06 | Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. |
| CVE-2016-1456 | High | 7.8 | 2016-07-15 | The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container acces… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2017-12270 | High | 7.5 | 2017-10-05 | A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote… |
| CVE-2017-6731 | High | 7.5 | 2017-07-10 | A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attack… |
| CVE-2017-3876 | High | 7.5 | 2017-05-16 | A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of serv… |
| CVE-2016-9205 | High | 7.5 | 2016-12-14 | A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Se… |
| CVE-2016-6355 | High | 7.5 | 2016-08-23 | Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of… |
| CVE-2016-1426 | High | 7.5 | 2016-07-15 | Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via craf… |
| CVE-2016-1409 | High | 7.5 | 2016-05-29 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote at… |
| CVE-2016-1407 | High | 7.5 | 2016-05-25 | Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (ses… |
| CVE-2015-6432 | High | 7.5 | 2016-01-05 | Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OS… |
| CVE-2017-6728 | High | 7.0 | 2017-07-10 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an af… |
| CVE-2017-6719 | Medium | 6.7 | 2017-07-04 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system wit… |
| CVE-2017-6718 | Medium | 6.7 | 2017-07-04 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSC… |
| CVE-2016-1366 | Medium | 6.5 | 2016-03-24 | The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows rem… |
| CVE-2017-6666 | Medium | 6.0 | 2017-06-13 | A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticate… |
| CVE-2017-12355 | Medium | 5.3 | 2017-11-30 | A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, r… |
| CVE-2017-6599 | Medium | 5.3 | 2017-04-07 | A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the E… |