CVE Daily
← All tags

Tag: Cisco IOS XE

All CVEs associated with "Cisco IOS XE". Page 3/4 • 457 CVEs.

Subscribe CVEs: RSS for “Cisco IOS XE”  ·  RSS (High+Critical only)

About “Cisco IOS XE”

A curated feed of “Cisco IOS XE”-related CVEs appears below. We currently track 457 CVEs for this tag (all time). In the last 365 days, 26 were published. Average CVSS is 7.2 (all time; 7.0 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-228 - Improper Handling of Syntactically Invalid Structure, CWE-319 - Cleartext Transmission of Sensitive Information, CWE-1286 - Improper Validation of Syntactic Correctness of Input.

In our taxonomy this topic maps to a HIGH impact class. Network and security appliances sit on critical paths. Restrict management exposure, back up configs, and schedule firmware updates with policy validation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-06-03
Critical

CVE-2020-3227

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API co…

CVSS: 9.8 CWE: CWE-264 View on NVD
High

CVE-2020-3226

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected dev…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3225

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3224

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device.…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2020-3223

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlyin…

CVSS: 4.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2020-3222

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vu…

CVSS: 4.3 CWE: CWE-17 View on NVD
High

CVE-2020-3221

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to caus…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-3220

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated,…

CVSS: 6.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2020-3219

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operatin…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2020-3218

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Li…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3217

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauth…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-3216

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vu…

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-3215

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due t…

CVSS: 6.7 CWE: CWE-264 View on NVD
Medium

CVE-2020-3214

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient valid…

CVSS: 6.7 CWE: CWE-264 View on NVD
Medium

CVE-2020-3213

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerabili…

CVSS: 6.7 CWE: CWE-264 View on NVD
High

CVE-2020-3212

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affect…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2020-3211

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affect…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2020-3209

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries o…

CVSS: 6.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2020-3207

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2020-3206

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthentic…

CVSS: 4.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-3204

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3203

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthentica…

CVSS: 8.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2020-3201

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a…

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerab…

CVSS: 7.7 CWE: CWE-371 View on NVD
2020-04-29
High

CVE-2019-16011

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due t…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2020-02-19
High

CVE-2019-1950

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default…

CVSS: 8.4 CWE: CWE-255 View on NVD
2019-09-25
Medium

CVE-2019-12672

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operatin…

CVSS: 6.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-12671

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS…

CVSS: 7.8 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2019-12670

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device.…

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-12669

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of servic…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-12668

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-12667

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interf…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-12666

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. Th…

CVSS: 6.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-12664

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacke…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-12663

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affe…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-12662

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service ima…

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2019-12661

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux oper…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2019-12660

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper i…

CVSS: 5.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2019-12659

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2019-12658

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a d…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2019-12657

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper va…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-12655

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-12653

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of servic…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-12651

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected d…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2019-12650

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected d…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2019-12649

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on…

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2019-12646

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…

CVSS: 7.5 CWE: CWE-399 View on NVD
2019-08-28
Critical

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device.…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2019-08-21
High

CVE-2019-12624

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2019-06-21
High

CVE-2019-1904

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2019-05-13
High

CVE-2019-1862

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2019-03-28
Medium

CVE-2019-1760

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to t…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-1759

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configure…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-1756

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-1755

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege leve…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1754

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1753

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerabi…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1752

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorr…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1750

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload.…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1749

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent att…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive…

CVSS: 7.4 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2019-1747

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trig…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of servi…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1745

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2019-1743

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-1742

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access contr…

CVSS: 5.3 CWE: CWE-16 View on NVD
High

CVE-2019-1741

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulne…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1740

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1739

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1738

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2019-03-27
High

CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wed…

CVSS: 8.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2018-10-05
High

CVE-2018-15377

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote…

CVSS: 8.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2018-15374

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulner…

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2018-15373

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on…

CVSS: 7.4 CWE: CWE-399 View on NVD
High

CVE-2018-15372

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, ad…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2018-15371

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of…

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2018-15369

A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a d…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-15368

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary comman…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-0481

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. T…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2018-0480

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condit…

CVSS: 6.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2018-0477

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. T…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2018-0476

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…

CVSS: 5.9 CWE: CWE-399 View on NVD
High

CVE-2018-0475

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) con…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0472

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0471

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead…

CVSS: 7.4 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-0470

A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of serv…

CVSS: 8.6 CWE: CWE-399 View on NVD
Medium

CVE-2018-0469

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-…

CVSS: 6.8 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2018-0197

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2018-08-14
Medium

CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Inte…

CVSS: 5.9 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2018-06-07
Critical

CVE-2018-0315

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an a…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-04-19
Medium

CVE-2018-0257

A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resul…

CVSS: 4.3 CWE: CWE-399 View on NVD
2018-04-02
High

CVE-2018-0194

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-03-28
Medium

CVE-2018-0196

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device.…

CVSS: 4.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0195

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected dev…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2018-0193

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2018-0190

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-0189

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condi…

CVSS: 5.3 CWE: CWE-399 View on NVD
Medium

CVE-2018-0188

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-0186

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2018-0185

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2018-0184

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary comman…

CVSS: 6.7 CWE: CWE-264 View on NVD
Medium

CVE-2018-0183

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary comman…

CVSS: 6.7 CWE: CWE-264 View on NVD
High

CVE-2018-0182

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2018-0177

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attac…

CVSS: 7.5 CWE: CWE-19 View on NVD
High

CVE-2018-0176

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitra…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2018-0175

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent atta…

CVSS: 8.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-0174

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0173

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0172

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2018-0171

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0170

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2018-0169

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitra…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2018-0167

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated,…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-0165

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an af…

CVSS: 7.4 CWE: CWE-399 View on NVD
High

CVE-2018-0164

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to inco…

CVSS: 8.6 CWE: CWE-399 View on NVD
Medium

CVE-2018-0160

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnera…

CVSS: 6.3 CWE: CWE-415 - Double Free View on NVD
High

CVE-2018-0159

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0158

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reloa…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0157

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented pa…

CVSS: 8.6 CWE: CWE-19 View on NVD
High

CVE-2018-0156

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a…

CVSS: 7.5 CWE: CWE-399 View on NVD