Vulnerabilities > Cisco > IOS XR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-23 | CVE-2020-3569 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XR Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. | 7.5 |
| 2020-09-04 | CVE-2020-3530 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. | 8.4 |
| 2020-09-04 | CVE-2020-3473 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. | 7.2 |
| 2020-08-29 | CVE-2020-3566 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XR 6.4.2 A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. | 7.5 |
| 2020-06-03 | CVE-2020-3217 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 8.3 |
| 2020-02-05 | CVE-2020-3118 | Out-of-bounds Write vulnerability in Cisco IOS XR A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. | 8.8 |
| 2019-09-25 | CVE-2019-12709 | OS Command Injection vulnerability in Cisco IOS XR A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. | 7.2 |
| 2019-08-07 | CVE-2019-1910 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. | 7.4 |
| 2019-04-17 | CVE-2019-1710 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. | 7.5 |
| 2019-02-21 | CVE-2019-1681 | Path Traversal vulnerability in Cisco IOS XR A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. | 7.5 |