Vulnerabilities > Cisco > IOS XR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-0418 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2018-03-28 | CVE-2018-0175 | Use of Externally-Controlled Format String vulnerability in Cisco Ios, IOS XE and IOS XR Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | 7.9 |
| 2018-03-28 | CVE-2018-0167 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Ios, IOS XE and IOS XR Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | 8.3 |
| 2018-01-31 | CVE-2018-0136 | Unspecified vulnerability in Cisco IOS XR 5.3.4 A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. | 7.8 |
| 2017-07-04 | CVE-2017-6719 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. | 7.2 |
| 2017-07-04 | CVE-2017-6718 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. | 7.2 |
| 2017-05-16 | CVE-2017-3876 | Denial of Service vulnerability in Cisco IOS XR Software A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 7.8 |
| 2016-12-14 | CVE-2016-9215 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1 A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. | 7.2 |
| 2016-10-06 | CVE-2016-6428 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1 Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | 7.2 |
| 2016-08-23 | CVE-2016-6355 | Resource Management Errors vulnerability in Cisco IOS XR Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | 7.8 |