GCVE - cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*

Approved changes feed: RSS · Atom

cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*

part: h version: - update: *

Vendor	Cisco (`e1b3baff-aaf9-56a6-a68a-41e28ce616a5`)
Product	Asr 9906 (`fa1bb83b-7cf5-55cb-bb59-f923c176eb95`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	x64
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-20064`	not_vulnerable	2026-06-03 14:48:57.771943	Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability MEDIUM (4.6) A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. Published: 2023-03-09T00:00:00.000Z Updated: 2024-10-25T16:03:12.091Z Open on db.gcve.eu Reference links https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-20919`	not_vulnerable	2026-06-03 14:46:08.826871	db.gcve.eu returned HTTP 503. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-16022`	not_vulnerable	2026-06-03 14:39:53.763781	Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities HIGH (8.6) Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. Published: 2020-01-26T04:31:03.023Z Updated: 2024-11-15T17:46:21.678Z Open on db.gcve.eu Reference links https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-16020`	not_vulnerable	2026-06-03 14:39:53.760927	Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities HIGH (8.6) Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. Published: 2020-01-26T04:30:57.751Z Updated: 2024-11-15T17:46:32.554Z Open on db.gcve.eu Reference links https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-16018`	not_vulnerable	2026-06-03 14:39:53.746384	Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability HIGH (7.4) A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. Published: 2020-01-26T04:30:48.072Z Updated: 2024-11-15T17:46:42.156Z Open on db.gcve.eu Reference links https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-15989`	not_vulnerable	2026-06-03 14:39:53.502573	Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability HIGH (8.6) A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. Published: 2020-01-26T04:30:38.252Z Updated: 2024-11-15T17:46:50.977Z Open on db.gcve.eu Reference links https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.