CVE Daily
← All tags

Tag: Cisco IOS XE

All CVEs associated with "Cisco IOS XE". Page 4/4 • 457 CVEs.

Subscribe CVEs: RSS for “Cisco IOS XE”  ·  RSS (High+Critical only)

About “Cisco IOS XE”

A curated feed of “Cisco IOS XE”-related CVEs appears below. We currently track 457 CVEs for this tag (all time). In the last 365 days, 26 were published. Average CVSS is 7.2 (all time; 7.0 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-228 - Improper Handling of Syntactically Invalid Structure, CWE-319 - Cleartext Transmission of Sensitive Information, CWE-1286 - Improper Validation of Syntactic Correctness of Input.

In our taxonomy this topic maps to a HIGH impact class. Network and security appliances sit on critical paths. Restrict management exposure, back up configs, and schedule firmware updates with policy validation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-03-28
High

CVE-2018-0152

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability ex…

CVSS: 8.8 CWE: CWE-264 View on NVD
Critical

CVE-2018-0151

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2018-0150

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and passw…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2018-03-27
Medium

CVE-2017-12319

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to r…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2017-10-19
Medium

CVE-2017-12289

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system…

CVSS: 4.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-12272

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface o…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-09-29
Critical

CVE-2017-12240

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-12239

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical…

CVSS: 6.8 CWE: CWE-264 View on NVD
High

CVE-2017-12237

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CP…

CVSS: 7.5 CWE: CWE-399 View on NVD
Critical

CVE-2017-12236

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-12230

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due…

CVSS: 8.8 CWE: CWE-264 View on NVD
Critical

CVE-2017-12229

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of t…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2017-12228

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized ac…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-12226

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco Ne…

CVSS: 8.8 CWE: CWE-264 View on NVD
Medium

CVE-2017-12222

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition…

CVSS: 6.5 CWE: CWE-399 View on NVD
2017-09-07
Medium

CVE-2017-6796

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrar…

CVSS: 6.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2017-6795

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files o…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-12213

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyn…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2017-12211

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of…

CVSS: 5.3 CWE: CWE-399 View on NVD
2017-08-07
Medium

CVE-2017-6665

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an…

CVSS: 6.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2017-6664

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected sy…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2017-6663

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to…

CVSS: 6.5 CWE: N/A View on NVD
2017-04-20
Medium

CVE-2017-6615

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnera…

CVSS: 6.3 CWE: CWE-399 View on NVD
High

CVE-2017-3863

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf…

CVSS: 8.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-3862

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf…

CVSS: 8.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-3861

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf…

CVSS: 8.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-3860

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf…

CVSS: 8.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-04-07
Medium

CVE-2017-6606

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operat…

CVSS: 6.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-03-22
High

CVE-2017-3864

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial…

CVSS: 8.6 CWE: CWE-399 View on NVD
High

CVE-2017-3859

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected devi…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2017-3858

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is d…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-3857

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, re…

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2017-3856

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insuffici…

CVSS: 7.5 CWE: CWE-399 View on NVD
2017-03-21
Medium

CVE-2017-3850

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-3849

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) cou…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
2017-03-17
Critical

CVE-2017-3881

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2017-02-03
Medium

CVE-2017-3824

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-3820

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could a…

CVSS: 6.5 CWE: CWE-665 - Improper Initialization View on NVD
2016-12-14
High

CVE-2016-9201

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-11-19
Low

CVE-2016-6450

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulne…

CVSS: 2.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-11-03
Critical

CVE-2016-6441

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affecte…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-10-27
Medium

CVE-2016-6438

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line c…

CVSS: 5.9 CWE: CWE-264 View on NVD
2016-10-05
High

CVE-2016-6378

Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

CVSS: 7.5 CWE: CWE-399 View on NVD
High

CVE-2016-6386

Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID C…

CVSS: 7.5 CWE: CWE-399 View on NVD
2016-06-23
Medium

CVE-2016-1428

Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug…

CVSS: 6.5 CWE: CWE-399 View on NVD
2016-06-18
Medium

CVE-2016-1432

Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP…

CVSS: 6.5 CWE: CWE-399 View on NVD
2016-05-29
High

CVE-2016-1409

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (pa…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-03-26
High

CVE-2016-1350

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bu…

CVSS: 7.5 CWE: CWE-399 View on NVD
2015-12-23
Medium

CVE-2015-6431

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

CVSS: 6.5 CWE: CWE-399 View on NVD
2015-12-03
High

CVE-2015-6383

Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter craf…

CVSS: 7.2 CWE: CWE-264 View on NVD
2015-09-26
High

CVE-2015-6282

Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IP…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2015-08-31
High

CVE-2015-6272

Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) vi…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6271

Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) vi…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6270

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6269

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.

CVSS: 7.8 CWE: CWE-399 View on NVD
2015-08-29
High

CVE-2015-6273

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a den…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6268

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6267

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.

CVSS: 7.8 CWE: CWE-399 View on NVD
2015-08-01
High

CVE-2015-4291

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1…

CVSS: 7.8 CWE: CWE-399 View on NVD
2015-07-30
Medium

CVE-2015-4293

The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packet…

CVSS: 5.0 CWE: CWE-399 View on NVD
2015-07-08
Medium

CVE-2015-4243

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Requ…

CVSS: 6.1 CWE: CWE-399 View on NVD
2015-04-29
Medium

CVE-2015-0710

The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversi…

CVSS: 6.1 CWE: CWE-399 View on NVD
2015-04-04
High

CVE-2015-0688

Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.3…

CVSS: 7.1 CWE: CWE-399 View on NVD
2015-04-03
High

CVE-2015-0685

Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2015-03-26
High

CVE-2015-0645

The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remot…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-0644

AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-0641

Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cau…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-0640

The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows rem…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-0639

The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2014-11-07
Medium

CVE-2014-7990

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2014-10-10
Medium

CVE-2014-3405

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces,…

CVSS: 4.8 CWE: N/A View on NVD
Medium

CVE-2014-3404

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted…

CVSS: 4.3 CWE: CWE-310 View on NVD
Medium

CVE-2014-3403

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq2…

CVSS: 5.0 CWE: CWE-310 View on NVD
2014-06-14
Medium

CVE-2014-3290

The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the n…

CVSS: 4.8 CWE: CWE-264 View on NVD
2014-05-25
Medium

CVE-2014-3284

Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
2014-05-20
Medium

CVE-2014-3269

The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2014-04-29
Medium

CVE-2014-2183

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCu…

CVSS: 6.3 CWE: CWE-20 - Improper Input Validation View on NVD
2013-12-28
Medium

CVE-2013-6981

Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

CVSS: 5.4 CWE: CWE-20 - Improper Input Validation View on NVD
2013-12-23
Medium

CVE-2013-6979

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authenticat…

CVSS: 5.4 CWE: CWE-287 - Improper Authentication View on NVD
2013-12-03
High

CVE-2013-6704

Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs…

CVSS: 7.1 CWE: CWE-399 View on NVD
2013-11-29
Medium

CVE-2013-6706

The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he…

CVSS: 5.4 CWE: CWE-20 - Improper Input Validation View on NVD
2013-11-22
Medium

CVE-2013-6692

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA…

CVSS: 6.3 CWE: CWE-399 View on NVD
2013-10-31
High

CVE-2013-5547

Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf0…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-5546

The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-5545

The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug I…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-5543

Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TC…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2013-04-11
High

CVE-2013-2779

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) fe…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-1167

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of ser…

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2013-1166

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers t…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-1165

Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by send…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-1164

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows re…

CVSS: 7.8 CWE: N/A View on NVD
2012-09-27
High

CVE-2012-4622

Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2012-3949

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2011-10-03
High

CVE-2011-2072

Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.…

CVSS: 7.8 CWE: CWE-399 View on NVD
2010-09-23
High

CVE-2010-2835

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2834

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x befor…

CVSS: 7.8 CWE: N/A View on NVD
2009-08-27
High

CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x be…

CVSS: 7.8 CWE: N/A View on NVD