Vulnerabilities > Cisco > IOS XR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-34721 | OS Command Injection vulnerability in Cisco IOS XR Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. | 6.7 |
| 2021-09-09 | CVE-2021-34722 | OS Command Injection vulnerability in Cisco IOS XR Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. | 6.7 |
| 2021-09-09 | CVE-2021-34771 | Information Exposure vulnerability in Cisco IOS XR A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. | 5.5 |
| 2021-02-04 | CVE-2021-1389 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. | 6.5 |
| 2021-02-04 | CVE-2021-1268 | Insufficient Adherence to Expected Conventions vulnerability in Cisco IOS XR A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. | 6.5 |
| 2021-02-04 | CVE-2021-1244 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. | 6.7 |
| 2021-02-04 | CVE-2021-1136 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. | 6.7 |
| 2021-02-04 | CVE-2021-1128 | Information Exposure Through Sent Data vulnerability in Cisco IOS XR A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. | 5.5 |
| 2020-09-23 | CVE-2019-16023 | Unspecified vulnerability in Cisco IOS XR Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2020-09-23 | CVE-2019-16021 | Unspecified vulnerability in Cisco IOS XR Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |