Vulnerabilities > Cisco > IOS XR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-15 | CVE-2016-1426 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | 7.5 |
| 2016-05-29 | CVE-2016-1409 | Improper Input Validation vulnerability in Cisco products The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | 7.5 |
| 2016-05-25 | CVE-2016-1407 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. | 7.5 |
| 2016-04-12 | CVE-2016-1376 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. | 5.3 |
| 2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.5 |
| 2016-03-12 | CVE-2016-1361 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | 5.3 |
| 2016-01-05 | CVE-2015-6432 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | 7.5 |
| 2010-08-30 | CVE-2010-3035 | Unspecified vulnerability in Cisco IOS XR Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. | 7.5 |