Cisco IOS XR vulnerabilities

CVE-2024-20381 [HIGH] CWE-285 CVE-2024-20381: A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) a A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This

CVE-2024-20304 [HIGH] CWE-401 CVE-2024-20304: A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software cou A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending craf

CVE-2024-20343 [MEDIUM] CWE-284 CVE-2024-20343: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. A

CVE-2024-20489 [MEDIUM] CWE-256 CVE-2024-20489: A vulnerability in the storage method of the PON Controller configuration file could allow an authen A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this v

CVE-2024-20390 [MEDIUM] CWE-940 CVE-2024-20390: A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthent A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, craft

CVE-2024-20456 [MEDIUM] CWE-732 CVE-2024-20456: A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local att A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due

CVE-2024-20327 [HIGH] CWE-20 CVE-2024-20327: A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Ci A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packet

CVE-2024-20320 [HIGH] CWE-266 CVE-2024-20320: A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with

CVE-2024-20322 [MEDIUM] CWE-284 CVE-2024-20322: A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability

CVE-2024-20319 [MEDIUM] CWE-284 CVE-2024-20319: A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with manag

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-20135 [HIGH] CWE-347 CVE-2023-20135: A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, loc A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses a

CVE-2023-20236 [HIGH] CWE-347 CVE-2023-20236: A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, loc A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the i

CVE-2023-20191 [HIGH] CWE-284 CVE-2023-20191: A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direct A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through

CVE-2023-20233 [MEDIUM] CWE-476 CVE-2023-20233: A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could al A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by

CVE-2023-20190 [MEDIUM] CWE-264 CVE-2023-20190: A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Softwar A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is

CVE-2023-20049 [HIGH] CWE-805 CVE-2023-20049: A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IO A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a

CVE-2023-20064 [MEDIUM] CWE-862 CVE-2023-20064: A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unau A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive

CVE-2022-20758 [MEDIUM] CWE-399 CVE-2022-20758: A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) funct A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An at

CVE-2021-40120 [HIGH] CWE-20 CVE-2021-40120: A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Rout A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-