This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2015-02-21
Product Ios Xr Last view 2021-09-23
Version 5.2.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:cisco:ios_xr

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.4 2021-09-23 CVE-2021-34714

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

5.5 2021-09-09 CVE-2021-34771

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access.

7.5 2021-09-09 CVE-2021-34737

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.

7.8 2021-09-09 CVE-2021-34728

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

6.7 2021-09-09 CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

6.7 2021-09-09 CVE-2021-34721

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

8.6 2021-09-09 CVE-2021-34720

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.

7.8 2021-09-09 CVE-2021-34719

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

8.1 2021-09-09 CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

7.4 2021-09-09 CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.

6.4 2021-09-09 CVE-2021-34709

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

6.7 2021-09-09 CVE-2021-34708

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

7.8 2021-04-08 CVE-2021-1485

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.

6.5 2021-02-04 CVE-2021-1389

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.

7.8 2021-02-04 CVE-2021-1370

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.

7.5 2021-02-04 CVE-2021-1313

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

7.5 2021-02-04 CVE-2021-1288

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

6.5 2021-02-04 CVE-2021-1268

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.

6.7 2021-02-04 CVE-2021-1244

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

7.5 2021-02-04 CVE-2021-1243

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

6.7 2021-02-04 CVE-2021-1136

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

5.5 2021-02-04 CVE-2021-1128

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.

8.6 2020-11-12 CVE-2020-26070

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality.

9.8 2020-11-06 CVE-2020-3284

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory.

8.4 2020-09-04 CVE-2020-3530

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

CWE : Common Weakness Enumeration

%idName
21% (10) CWE-20 Improper Input Validation
15% (7) CWE-399 Resource Management Errors
13% (6) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
8% (4) CWE-347 Improper Verification of Cryptographic Signature
4% (2) CWE-754 Improper Check for Unusual or Exceptional Conditions
4% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (2) CWE-284 Access Control (Authorization) Issues
4% (2) CWE-200 Information Exposure
4% (2) CWE-88 Argument Injection or Modification
4% (2) CWE-19 Data Handling
2% (1) CWE-682 Incorrect Calculation
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-404 Improper Resource Shutdown or Release
2% (1) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-201 Information Leak Through Sent Data
2% (1) CWE-134 Uncontrolled Format String
2% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0052 Cisco IOS XR Software Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0060015

Snort® IPS/IDS

Date Description
2020-12-05 Cisco IOS IS-IS SNMP denial of service attempt
RuleID : 52649 - Type : PROTOCOL-SNMP - Revision : 1
2020-12-05 Cisco IOS IS-IS SNMP denial of service attempt
RuleID : 52648 - Type : PROTOCOL-SNMP - Revision : 1
2020-12-05 Cisco IOS IS-IS SNMP denial of service attempt
RuleID : 52647 - Type : PROTOCOL-SNMP - Revision : 1
2020-12-05 Cisco IOS IS-IS SNMP denial of service attempt
RuleID : 52646 - Type : PROTOCOL-SNMP - Revision : 1
2020-12-05 Cisco IOS IS-IS SNMP denial of service attempt
RuleID : 52645 - Type : PROTOCOL-SNMP - Revision : 1
2020-12-05 Read Request directory traversal attempt
RuleID : 49241 - Type : PROTOCOL-TFTP - Revision : 2
2016-10-10 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220-community - Type : SERVER-OTHER - Revision : 6
2016-09-16 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220 - Type : SERVER-OTHER - Revision : 6
2016-05-27 Cisco IOS NX invalid ICMPv6 neighbor discovery hop limit denial of service at...
RuleID : 39065 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2017-01-26 Name: A remote device is affected by an information disclosure vulnerability.
File: cisco_ikev1_info_disclosure.nasl - Type: ACT_ATTACK
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-ios.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxe.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxr.nasl - Type: ACT_GATHER_INFO
2016-09-16 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160713-ncs6k-iosxr.nasl - Type: ACT_GATHER_INFO
2016-08-19 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160810-iosxr.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_jsa10749.nasl - Type: ACT_GATHER_INFO
2016-05-25 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160519-iosxr.nasl - Type: ACT_GATHER_INFO
2016-04-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160323-ncs.nasl - Type: ACT_GATHER_INFO
2015-04-24 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150415-iosxr.nasl - Type: ACT_GATHER_INFO
2015-04-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150220-ipv6-iosxr.nasl - Type: ACT_GATHER_INFO