CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2019-12709 – Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-12709
25 Sep 2019 — A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vu... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-xr-asr9k-privesc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1918 – Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1918
07 Aug 2019 — A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A succe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918 • CWE-20: Improper Input Validation CWE-682: Incorrect Calculation •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1910 – Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1910
07 Aug 2019 — A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-1909 – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1909
06 Jul 2019 — A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-iosxr-bgp-dos • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 0CVE-2019-1846 – Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1846
16 May 2019 — A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A... • http://www.securityfocus.com/bid/108363 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1849 – Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1849
16 May 2019 — A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN netw... • http://www.securityfocus.com/bid/108342 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1712 – Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1712
17 Apr 2019 — A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the ... • http://www.securityfocus.com/bid/108025 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1711 – Cisco IOS XR gRPC Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1711
17 Apr 2019 — A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and... • http://www.securityfocus.com/bid/108017 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2019-1686 – Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1686
17 Apr 2019 — A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending tr... • http://www.securityfocus.com/bid/108026 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2019-1710 – Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1710
17 Apr 2019 — A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could resu... • http://www.securityfocus.com/bid/108007 • CWE-20: Improper Input Validation •