Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Asr 9000v-v2
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20064 1 Cisco 40 Asr 9000v-v2, Asr 9001, Asr 9006 and 37 more 2024-11-21 N/A 4.6 MEDIUM
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
CVE-2023-20049 1 Cisco 13 Asr 9000v-v2, Asr 9001, Asr 9006 and 10 more 2024-11-21 N/A 8.6 HIGH
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.
CVE-2022-20677 1 Cisco 62 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 59 more 2024-11-21 7.2 HIGH 5.5 MEDIUM
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34737 1 Cisco 37 Asr 9000v-v2, Asr 9001, Asr 9006 and 34 more 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.
CVE-2021-34728 1 Cisco 46 8101-32fh, 8101-32h, 8102-64h and 43 more 2024-11-21 7.2 HIGH 7.8 HIGH
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34722 1 Cisco 44 8101-32fh, 8101-32h, 8102-64h and 41 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34721 1 Cisco 44 8101-32fh, 8101-32h, 8102-64h and 41 more 2024-11-21 6.9 MEDIUM 6.7 MEDIUM
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34720 1 Cisco 46 8101-32fh, 8101-32h, 8102-64h and 43 more 2024-11-21 4.3 MEDIUM 8.6 HIGH
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
CVE-2021-34719 1 Cisco 46 8101-32fh, 8101-32h, 8102-64h and 43 more 2024-11-21 7.2 HIGH 7.8 HIGH
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-34718 1 Cisco 36 Asr 9000v-v2, Asr 9001, Asr 9006 and 33 more 2024-11-21 8.5 HIGH 8.1 HIGH
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
CVE-2021-34713 1 Cisco 14 Asr 9000, Asr 9000v-v2, Asr 9001 and 11 more 2024-11-21 6.1 MEDIUM 7.4 HIGH
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.