Cisco IOS XR Software vulnerabilities
108 known vulnerabilities affecting cisco/cisco_ios_xr_software.
Total CVEs: 108
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 3, HIGH 57, MEDIUM 48
Vulnerabilities
CVE-2019-1846 | HIGH | CVSS 7.4 | CWE-20 | ≥ unspecified, < n/a | 2019-05-16
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the
Sources: cvelistv5, nvd
CVE-2019-1849 | MEDIUM | CVSS 6.5 | CWE-754 | ≥ unspecified, < n/a | 2019-05-16
A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected softwar
Sources: cvelistv5, nvd
CVE-2019-1710 | CRITICAL | CVSS 9.8 | CWE-20 | ≥ unspecified, < 6.5.3; ≥ unspecified, < 7.0.1 | 2019-04-17
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal
Sources: cvelistv5, nvd
CVE-2019-1712 | HIGH | CVSS 7.5 | CWE-20 | ≥ unspecified, < 6.2.3; ≥ unspecified, < 6.3.2; +2 more | 2019-04-17
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this v
Sources: cvelistv5, nvd
CVE-2019-1711 | HIGH | CVSS 7.5 | CWE-20 | ≥ unspecified, < 6.5.1 | 2019-04-17
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC r
Sources: cvelistv5, nvd
CVE-2019-1686 | HIGH | CVSS 8.6 | CWE-284 | ≥ unspecified, < 6.5.2; ≥ unspecified, < 6.6.1 | 2019-04-17
A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affecte
Sources: cvelistv5, nvd
CVE-2018-15428 | MEDIUM | CVSS 6.8 | CWE-20 | version: n/a | 2018-10-05
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update
Sources: cvelistv5, nvd
CVE-2017-6599 | MEDIUM | CVSS 5.3 | version: Cisco IOS XR Software | 2017-04-07
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects
Sources: cvelistv5