CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 0CVE-2023-20236
https://notcve.org/view.php?id=CVE-2023-20236
13 Sep 2023 — A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device. Una vulnerab... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB • CWE-345: Insufficient Verification of Data Authenticity CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.9EPSS: 0%CPEs: 43EXPL: 0CVE-2023-20064 – Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20064
09 Mar 2023 — A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycle... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2021-34737 – Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34737
09 Sep 2021 — A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2021-34728 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34728
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 59EXPL: 0CVE-2021-34722 – Cisco IOS XR Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34722
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comando... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 59EXPL: 0CVE-2021-34721 – Cisco IOS XR Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34721
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comando... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 1%CPEs: 72EXPL: 0CVE-2021-34720 – Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34720
09 Sep 2021 — A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending speci... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP • CWE-771: Missing Reference to Active Allocated Resource •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2021-34719 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34719
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 1%CPEs: 51EXPL: 0CVE-2021-34718 – Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-34718
09 Sep 2021 — A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.6EPSS: 1%CPEs: 55EXPL: 0CVE-2019-16019 – Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-16019
23 Sep 2020 — Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn • CWE-399: Resource Management Errors •