Cisco IOS XR Software vulnerabilities
108 known vulnerabilities affecting cisco/cisco_ios_xr_software.
Total CVEs: 108
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 3, HIGH 57, MEDIUM 48
Vulnerabilities
Page 4 of 6
CVE-2021-34708 | MEDIUM | CVSS 6.7 | CWE-347 | v n/a | 2021-09-09
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more informat
cvelistv5, nvd

CVE-2021-34721 | MEDIUM | CVSS 6.7 | CWE-78 | v n/a | 2021-09-09
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
cvelistv5, nvd

CVE-2021-34771 | MEDIUM | CVSS 5.5 | CWE-201 | v n/a | 2021-09-09
A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful
cvelistv5, nvd

CVE-2021-34709 | MEDIUM | CVSS 6.4 | CWE-347 | v n/a | 2021-09-09
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more informat
cvelistv5, nvd

CVE-2021-1485 | HIGH | CVSS 7.8 | CWE-88 | v n/a | 2021-04-08
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exp
cvelistv5, nvd

CVE-2021-1313 | HIGH | CVSS 7.5 | CWE-399 | v n/a | 2021-02-04
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
cvelistv5, nvd

CVE-2021-1370 | HIGH | CVSS 7.8 | CWE-78 | v n/a | 2021-02-04
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device.
cvelistv5, nvd

CVE-2021-1243 | HIGH | CVSS 7.5 | CWE-284 | v n/a | 2021-02-04
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerabi
cvelistv5, nvd

CVE-2021-1288 | HIGH | CVSS 7.5 | CWE-399 | v n/a | 2021-02-04
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
cvelistv5, nvd

CVE-2021-1389 | MEDIUM | CVSS 6.5 | CWE-284 | v n/a | 2021-02-04
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent th
cvelistv5, nvd

CVE-2021-1128 | MEDIUM | CVSS 5.5 | CWE-201 | v n/a | 2021-02-04
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the co
cvelistv5, nvd

CVE-2021-1244 | MEDIUM | CVSS 6.7 | CWE-347 | v n/a | 2021-02-04
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these
cvelistv5, nvd

CVE-2021-1136 | MEDIUM | CVSS 6.7 | CWE-347 | v n/a | 2021-02-04
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these
cvelistv5, nvd

CVE-2021-1268 | MEDIUM | CVSS 6.5 | CWE-1076 | v n/a | 2021-02-04
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast gr
cvelistv5, nvd

CVE-2020-26070 | HIGH | CVSS 8.6 | CWE-404 | v n/a | 2020-11-12
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network
cvelistv5, nvd

CVE-2020-3284 | CRITICAL | CVSS 9.8 | CWE-284 | v n/a | 2020-11-06
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are runn
cvelistv5, nvd

CVE-2019-16023 | HIGH | CVSS 7.5 | CWE-399 | v n/a | 2020-09-23
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attac
cvelistv5, nvd

CVE-2019-16019 | HIGH | CVSS 8.6 | CWE-399 | v n/a | 2020-09-23
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attac
cvelistv5, nvd

CVE-2020-3569 | HIGH | CVSS 8.6 | KEV | CWE-400 | v n/a | 2020-09-23
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other p
cvelistv5, nvd

CVE-2019-16021 | HIGH | CVSS 7.5 | CWE-399 | v n/a | 2020-09-23
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attac
cvelistv5, nvd