Cisco IOS XR Software vulnerabilities

107 known vulnerabilities affecting cisco/cisco_ios_xr_software.

Total CVEs: 107
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 3, HIGH 57, MEDIUM 47

Vulnerabilities

Page 1 of 6
CVE-2026-20046 | HIGH | CVSS 8.8 | v6.6.1, v6.5.3 +55 more | 2026-03-11
CWE-264: A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged
cvelistv5, nvd
CVE-2026-20040 | HIGH | CVSS 8.8 | v6.5.3, v6.5.29 +114 more | 2026-03-11
CWE-78: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could
cvelistv5, nvd
CVE-2026-20074 | HIGH | CVSS 7.4 | v7.8.1, v7.9.1 +30 more | 2026-03-11
CWE-1287: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vul
cvelistv5, nvd
CVE-2026-20118 | MEDIUM | CVSS 6.8 | v7.9.1, v7.10.1 +21 more | 2026-03-11
CWE-460: A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processi
cvelistv5, nvd
CVE-2025-20363 | CRITICAL | CVSS 9.0 | v6.5.1, v6.5.2 +11 more | 2025-09-25
CWE-122: A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS,
cvelistv5, nvd
CVE-2025-20340 | HIGH | CVSS 7.4 | v6.5.3, v6.5.29 +103 more | 2025-09-10
CWE-400: A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device. This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hi
cvelistv5, nvd
CVE-2025-20159 | MEDIUM | CVSS 5.3 | v6.6.1, v6.5.3 +72 more | 2025-09-10
CWE-284: A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O i
cvelistv5, nvd
CVE-2025-20248 | MEDIUM | CVSS 6.0 | v6.5.3, v6.5.29 +88 more | 2025-09-10
CWE-347: A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is du
cvelistv5, nvd
CVE-2025-20154 | HIGH | CVSS 8.6 | v6.5.3, v6.5.29 +90 more | 2025-05-07
CWE-20: A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server proces
cvelistv5, nvd
CVE-2025-20146 | HIGH | CVSS 8.6 | v7.11.1, v7.9.21 +9 more | 2025-03-12
CWE-20: A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This v
cvelistv5, nvd
CVE-2025-20209 | HIGH | CVSS 7.5 | v6.5.3, v6.6.1 +38 more | 2025-03-12
CWE-770: A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending
cvelistv5, nvd
CVE-2025-20142 | HIGH | CVSS 8.6 | v7.1.15, v7.1.2 +32 more | 2025-03-12
CWE-20: A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset,
cvelistv5, nvd
CVE-2025-20115 | HIGH | CVSS 8.6 | v6.5.3, v6.5.29 +91 more | 2025-03-12
CWE-120: A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomo
cvelistv5, nvd
CVE-2025-20138 | HIGH | CVSS 8.8 | v6.5.3, v6.5.29 +88 more | 2025-03-12
CWE-78: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could
cvelistv5, nvd
CVE-2025-20141 | HIGH | CVSS 7.4 | v7.9.2 | 2025-03-12
CWE-770: A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted
cvelistv5, nvd
CVE-2025-20145 | MEDIUM | CVSS 5.8 | v6.5.3, v6.5.2 +59 more | 2025-03-12
CWE-264: A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egres
cvelistv5, nvd
CVE-2025-20177 | MEDIUM | CVSS 6.7 | v7.0.1, v7.0.0 +65 more | 2025-03-12
CWE-274: A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete
cvelistv5, nvd
CVE-2025-20144 | MEDIUM | CVSS 5.8 | v6.5.3, v6.5.2 +41 more | 2025-03-12
CWE-284: A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by att
cvelistv5, nvd
CVE-2025-20143 | MEDIUM | CVSS 6.7 | v6.5.3, v6.5.2 +57 more | 2025-03-12
CWE-347: A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to i
cvelistv5, nvd
CVE-2025-20172 | HIGH | CVSS 7.7 | v7.0.1, v7.0.2 +46 more | 2025-02-05
CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted S
cvelistv5, nvd