CVE-2021-1244 – Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1244
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los Enrutadores Cisco Network Convergence System (NCS) 540 Series, solo cuando ejecutan imágenes de Software de NCS540L de Cisco IOS XR, y el Software Cisco IOS XR para los Enrutadores Cisco 8000 Series, podrían permitir a un atacante autenticado local ejecutar código sin firmar durante el proceso de arranque en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-1268 – Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1268
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K • CWE-1076: Insufficient Adherence to Expected Conventions •
CVE-2020-3284 – Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3284
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 • CWE-284: Improper Access Control •
CVE-2020-3473 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3473
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. Una vulnerabilidad en la asignación de grupos de tareas para un comando de la CLI específico en Cisco IOS XR Software, podría permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2020-3449 – Cisco IOS XR Software Additional Paths Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3449
A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. The vulnerability is due to an incorrect calculation of lexicographical order when displaying additional path information within Cisco IOS XR Software, which causes an infinite loop. An attacker could exploit this vulnerability by sending a specific BGP update from a BGP neighbor peer session of an affected device; an authorized user must then issue a show bgp command for the vulnerability to be exploited. A successful exploit could allow the attacker to prevent authorized users from properly monitoring the BGP status and prevent BGP from processing new updates, resulting in outdated information in the routing and forwarding tables. Una vulnerabilidad en la funcionalidad de rutas adicionales del Border Gateway Protocol (BGP) del Cisco IOS XR Software podría permitir a un atacante remoto no autenticado impedir que los usuarios autorizados monitoreen el estado de BGP y causar que el proceso de BGP deje de procesar nuevas actualizaciones, resultando en una condición de servicio (DOS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-ErKEqAer • CWE-754: Improper Check for Unusual or Exceptional Conditions •