Vulnerabilities > Cisco > IOS XR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-18 | CVE-2014-3321 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. | 5.7 |
| 2014-07-07 | CVE-2014-3308 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. | 6.4 |
| 2014-05-20 | CVE-2014-3271 | Improper Input Validation vulnerability in Cisco IOS XR The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. | 5.0 |
| 2014-05-20 | CVE-2014-3270 | Improper Input Validation vulnerability in Cisco IOS XR The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. | 5.0 |
| 2014-04-05 | CVE-2014-2144 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | 6.1 |
| 2013-11-29 | CVE-2013-6700 | Improper Input Validation vulnerability in Cisco IOS XR The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | 5.0 |
| 2013-11-08 | CVE-2013-5565 | Buffer Errors vulnerability in Cisco IOS XR 5.1.0 The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. | 4.3 |
| 2013-09-27 | CVE-2013-5498 | Improper Input Validation vulnerability in Cisco IOS XR The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | 5.0 |
| 2013-08-30 | CVE-2013-3470 | Improper Input Validation vulnerability in Cisco IOS XR The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | 5.0 |
| 2013-08-13 | CVE-2013-3464 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347. | 4.6 |