Cisco IOS XR vulnerabilities

187 known vulnerabilities affecting cisco/ios_xr.

Total CVEs: 187
CISA KEV: 10 (actively exploited)
Public exploits: 3
Exploited in wild: 11
Severity breakdown: CRITICAL 3, HIGH 88, MEDIUM 77, LOW 3, UNKNOWN 16

Vulnerabilities

Page 9 of 10
CVE-2010-0137 | HIGH | CVSS 7.8 | v3.4.1, v3.4.2, +7 more | 2010-01-21
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Sources: nvd, cisco
CVE-2009-2056 | LOW | CVSS 3.3 | CWE-264 | ≤ 3.8.1, v3.0, +30 more | 2009-08-21
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
Sources: nvd, cisco
CVE-2009-1154 | LOW | CVSS 3.3 | CWE-119 | ≤ 3.8.1, v3.4, +17 more | 2009-08-21
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
Sources: nvd, cisco
CVE-2009-2055 | MEDIUM | CVSS 5.9 | KEV | CWE-20 | v3.4, v3.4.0, +17 more | 2009-08-19
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Sources: nvd, cisco
CVE-2009-0637 | HIGH | CVSS 7.1 | CWE-264 | v12.4 | 2009-03-27
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.
Source: nvd
CVE-2009-0629 | MEDIUM | CVSS 5.4 | v12.4 | 2009-03-27
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over T
Source: nvd
CVE-2008-1159 | HIGH | CVSS 7.1 | v12.4 | 2008-05-22
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
Source: nvd
CVE-2007-4430 | MEDIUM | CVSS 5.0 | PoC | CWE-20 | v2.0, v3.0, +4 more | 2007-08-20
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
Source: nvd
CVE-2006-1927 | MEDIUM | CVSS 5.0 | v3.0.1, v3.1.0, +6 more | 2006-04-20
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475.
Source: nvd
CVE-2006-1928 | MEDIUM | CVSS 5.0 | v3.0.1, v3.1.0, +6 more | 2006-04-20
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
Source: nvd
CVE-2005-2451 | LOW | CVSS 2.1 | v3.0.1, v3.1.0 | 2005-08-03
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Source: nvd
CVE-2024-20262 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would
Source: cisco
CVE-2015-0769 | UNKNOWN
Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorre
Source: cisco
CVE-2017-6728 | UNKNOWN | CVSS 3.0
Cisco IOS XR Software Incorrect Permissions Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging
Source: cisco
CVE-2024-20266 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when the
Source: cisco
CVE-2025-20159 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software Management Interface ACL Bypass Vulnerability
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Soft
Source: cisco
CVE-2026-20046 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administrative control of an affected device. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-264, CWE-78, CWE-264, CWE-78 Bug IDs: CSCwp27221,
Source: cisco
CVE-2026-20040 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administrative control of an affected device. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-264, CWE-78, CWE-264, CWE-78 Bug IDs: CSCwp27221,
Source: cisco
CVE-2024-20318 | UNKNOWN | CVSS 3.1
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on l
Source: cisco
CVE-2019-1842 | UNKNOWN | CVSS 3.0
Cisco IOS XR Software Secure Shell Authentication Vulnerability
A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event
Source: cisco