Vulnerabilities > Cisco > IOS XR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-20343 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. | 5.5 |
| 2024-09-11 | CVE-2024-20390 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. | 5.3 |
| 2024-09-11 | CVE-2024-20489 | Insufficiently Protected Credentials vulnerability in Cisco IOS XR A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. | 5.5 |
| 2023-09-13 | CVE-2023-20190 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. | 5.3 |
| 2023-09-13 | CVE-2023-20233 | Improper Validation of Integrity Check Value vulnerability in Cisco IOS XR A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). | 6.5 |
| 2023-03-09 | CVE-2023-20064 | Missing Authorization vulnerability in Cisco IOS XR A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. | 4.6 |
| 2022-05-26 | CVE-2022-20821 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. | 6.5 |
| 2022-04-15 | CVE-2022-20758 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 6.8 |
| 2021-09-09 | CVE-2021-34708 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. | 6.7 |
| 2021-09-09 | CVE-2021-34709 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. | 6.4 |