U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 67 matching records.
Displaying matches 61 through 67.
Vuln ID Summary CVSS Severity
CVE-2012-2488

Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

Published: May 31, 2012; 6:17:38 AM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2011-1651

Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.

Published: May 31, 2011; 4:55:02 PM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2009-2056

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.

Published: August 21, 2009; 1:30:00 PM -0400 		V3.x:(not available)
 V2.0: 3.3 LOW
CVE-2009-1154

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

Published: August 21, 2009; 1:30:00 PM -0400 		V3.x:(not available)
 V2.0: 3.3 LOW
CVE-2008-0960

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Published: June 10, 2008; 2:32:00 PM -0400 		V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2008-1159

Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

Published: May 22, 2008; 9:09:00 AM -0400 		V3.x:(not available)
 V2.0: 7.1 HIGH
CVE-2007-4430

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.

Published: August 20, 2007; 3:17:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM