Vulnerabilities > Cisco > IOS XR > 3.6

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-09-13 CVE-2023-20190 Incorrect Authorization vulnerability in Cisco IOS XR
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device.
network
low complexity
cisco CWE-863
5.3
2023-09-13 CVE-2023-20191 Incorrect Authorization vulnerability in Cisco IOS XR
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature.
network
low complexity
cisco CWE-863
7.5
2023-09-13 CVE-2023-20233 Improper Validation of Integrity Check Value vulnerability in Cisco IOS XR
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs).
network
low complexity
cisco CWE-354
6.5
2023-09-13 CVE-2023-20236 Insufficient Verification of Data Authenticity vulnerability in Cisco IOS XR
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification.
local
low complexity
cisco CWE-345
7.8
2023-03-09 CVE-2023-20049 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
7.5
2023-03-09 CVE-2023-20064 Missing Authorization vulnerability in Cisco IOS XR
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line.
low complexity
cisco CWE-862
4.6
2022-04-15 CVE-2022-20758 Unspecified vulnerability in Cisco IOS XR
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
high complexity
cisco
6.8
2021-09-23 CVE-2021-34714 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.
low complexity
cisco CWE-20
7.4
2021-09-09 CVE-2021-34708 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.
local
low complexity
cisco CWE-347
6.7