Vulnerabilities > Cisco > IOS XR

DATE CVE VULNERABILITY TITLE RISK
2020-01-26 CVE-2019-16020 Resource Exhaustion vulnerability in Cisco IOS XR
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6
2020-01-26 CVE-2019-16018 Resource Exhaustion vulnerability in Cisco IOS XR
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
6.5
2020-01-26 CVE-2019-15989 Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-754
8.6
2019-11-26 CVE-2019-15998 Missing Authorization vulnerability in Cisco IOS XR 6.5.1/6.5.2/6.5.3
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device.
network
low complexity
cisco CWE-862
5.3
2019-09-25 CVE-2019-12709 OS Command Injection vulnerability in Cisco IOS XR
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges.
local
low complexity
cisco CWE-78
6.7
2019-08-07 CVE-2019-1918 Incorrect Calculation vulnerability in Cisco Carrier Routing System and IOS XR
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition.
low complexity
cisco CWE-682
7.4
2019-08-07 CVE-2019-1910 Improper Input Validation vulnerability in Cisco IOS XR
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition.
low complexity
cisco CWE-20
7.4
2019-07-06 CVE-2019-1909 Improper Input Validation vulnerability in Cisco IOS XR
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
network
high complexity
cisco CWE-20
5.9
2019-05-16 CVE-2019-1849 Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR
A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-754
6.5
2019-05-16 CVE-2019-1846 Improper Input Validation vulnerability in Cisco IOS XR 5.3.3
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-20
7.4