Vulnerabilities > Cisco > IOS XR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-15 | CVE-2016-1456 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | 7.2 |
| 2016-07-15 | CVE-2016-1426 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | 7.8 |
| 2015-04-17 | CVE-2015-0695 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | 7.8 |
| 2015-02-21 | CVE-2015-0618 | Data Processing Errors vulnerability in Cisco Carrier Routing System and IOS XR Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241. | 7.1 |
| 2014-10-05 | CVE-2014-3396 | Permissions, Privileges, and Access Controls vulnerability in Cisco products Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | 7.5 |
| 2014-09-04 | CVE-2014-3353 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. | 7.1 |
| 2014-06-14 | CVE-2014-2176 | Resource Management Errors vulnerability in Cisco products Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928. | 7.1 |
| 2013-10-25 | CVE-2013-5549 | Unspecified vulnerability in Cisco IOS XR Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. network cisco | 7.1 |
| 2013-10-02 | CVE-2013-5503 | Resource Management Errors vulnerability in Cisco IOS XR 4.3.1 The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. | 7.8 |
| 2012-09-27 | CVE-2012-4617 | Improper Input Validation vulnerability in Cisco Ios, IOS XE and IOS XR The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. | 7.1 |