Cisco IOS XR Software vulnerabilities

108 known vulnerabilities affecting cisco/cisco_ios_xr_software.

Total CVEs: 108
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in the wild: 4
Severity breakdown: CRITICAL 3, HIGH 57, MEDIUM 48

Vulnerabilities

Page 3 of 6
CVE-2024-20322 | MEDIUM | CVSS 5.8 | CWE-284 | affected versions: 7.10.2, 7.11.1 | published 2024-03-13
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability
Sources: cvelistv5, nvd
CVE-2024-20315 | MEDIUM | CVSS 5.8 | CWE-284 | affected versions: 7.9.1, 7.9.2 and 1 more | published 2024-03-13
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by at
Sources: cvelistv5, nvd
CVE-2024-20266 | MEDIUM | CVSS 5.3 | CWE-476 | affected versions: 5.2.0, 5.2.1 and 89 more | published 2024-03-13
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected dev
Sources: cvelistv5, nvd
CVE-2023-20135 | HIGH | CVSS 7.0 | CWE-347 | affected versions: 7.5.3, 7.5.2 and 8 more | published 2023-09-13
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses a
Sources: cvelistv5, nvd
CVE-2023-20236 | HIGH | CVSS 7.8 | CWE-347 | affected versions: 5.2.0, 5.2.1 and 85 more | published 2023-09-13
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the i
Sources: cvelistv5, nvd
CVE-2023-20191 | HIGH | CVSS 7.5 | CWE-284 | affected versions: 6.4.1, 6.5.1 and 29 more | published 2023-09-13
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through
Sources: cvelistv5, nvd
CVE-2023-20233 | MEDIUM | CVSS 6.5 | CWE-476 | affected versions: 5.2.0, 5.2.1 and 57 more | published 2023-09-13
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by
Sources: cvelistv5, nvd
CVE-2023-20190 | MEDIUM | CVSS 5.3 | CWE-264 | affected versions: 5.2.0, 5.2.1 and 79 more | published 2023-09-13
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is
Sources: cvelistv5, nvd
CVE-2023-20049 | HIGH | CVSS 7.5 | CWE-805 | affected versions: n/a | published 2023-03-09
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a
Sources: cvelistv5, nvd
CVE-2023-20064 | MEDIUM | CVSS 4.6 | CWE-862 | affected versions: n/a | published 2023-03-09
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive
Sources: cvelistv5, nvd
CVE-2022-20821 | MEDIUM | CVSS 6.5 | CISA KEV | CWE-200 | affected versions: n/a | published 2022-05-26
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to t
Sources: cvelistv5, nvd
CVE-2022-20714 | HIGH | CVSS 8.6 | CWE-126 | affected versions: n/a | published 2022-04-15
A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could
Sources: cvelistv5, nvd
CVE-2022-20758 | MEDIUM | CVSS 6.8 | CWE-399 | affected versions: n/a | published 2022-04-15
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An at
Sources: cvelistv5, nvd
CVE-2021-34728 | HIGH | CVSS 7.8 | CWE-78 | affected versions: n/a | published 2021-09-09
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Sources: cvelistv5, nvd
CVE-2021-34720 | HIGH | CVSS 8.6 | CWE-771 | affected versions: n/a | published 2021-09-09
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerabil
Sources: cvelistv5, nvd
CVE-2021-34719 | HIGH | CVSS 7.8 | CWE-78 | affected versions: n/a | published 2021-09-09
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Sources: cvelistv5, nvd
CVE-2021-34737 | HIGH | CVSS 7.5 | CWE-476 | affected versions: n/a | published 2021-09-09
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected devic
Sources: cvelistv5, nvd
CVE-2021-34713 | HIGH | CVSS 7.4 | CWE-399 | affected versions: n/a | published 2021-09-09
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network process
Sources: cvelistv5, nvd
CVE-2021-34718 | HIGH | CVSS 8.1 | CWE-88 | affected versions: n/a | published 2021-09-09
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges cou
Sources: cvelistv5, nvd
CVE-2021-34722 | MEDIUM | CVSS 6.7 | CWE-78 | affected versions: n/a | published 2021-09-09
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
Sources: cvelistv5, nvd