CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2025-20209 – Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20209
12 Mar 2025 — A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control p... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.7EPSS: 0%CPEs: 67EXPL: 0CVE-2025-20177 – Cisco IOS XR Software Image Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-20177
12 Mar 2025 — A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass som... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 5.8EPSS: 0%CPEs: 61EXPL: 0CVE-2025-20145 – Cisco IOS XR Software Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-20145
12 Mar 2025 — A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affect... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 43EXPL: 0CVE-2025-20144 – Cisco IOS XR Software Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-20144
12 Mar 2025 — A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more info... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2025-20142 – Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20142
12 Mar 2025 — A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line car... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20141 – Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity
https://notcve.org/view.php?id=CVE-2025-20141
12 Mar 2025 — A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor,... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 90EXPL: 0CVE-2025-20138 – Cisco IOS XR Software CLI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20138
12 Mar 2025 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute ar... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 93EXPL: 0CVE-2025-20115 – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20115
12 Mar 2025 — A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in ... • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.7EPSS: 0%CPEs: 577EXPL: 0CVE-2025-20172
https://notcve.org/view.php?id=CVE-2025-20172
05 Feb 2025 — A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW • CWE-248: Uncaught Exception •
CVSS: 8.6EPSS: 0%CPEs: 18EXPL: 0CVE-2024-20304 – Cisco IOS XR Software Packet Memory Exhaustion Vulnerability
https://notcve.org/view.php?id=CVE-2024-20304
11 Sep 2024 — A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be abl... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy • CWE-401: Missing Release of Memory after Effective Lifetime •