CVE Daily
← All tags

Tag: Cisco IOS XE

All CVEs associated with "Cisco IOS XE". Page 1/4 • 457 CVEs.

About “Cisco IOS XE”

A curated feed of “Cisco IOS XE”-related CVEs appears below. We currently track 457 CVEs for this tag (all time). In the last 365 days, 26 were published. Average CVSS is 7.2 (all time; 7.0 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-228 - Improper Handling of Syntactically Invalid Structure, CWE-319 - Cleartext Transmission of Sensitive Information, CWE-1286 - Improper Validation of Syntactic Correctness of Input.

In our taxonomy this topic maps to a HIGH impact class. Network and security appliances sit on critical paths. Restrict management exposure, back up configs, and schedule firmware updates with policy validation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: cisco-ios-xe

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
17.18-LTS
17.17- Expired
17.16- Expired
17.15-LTS
17.14- Expired
17.13- Expired
17.12-LTS
17.11- Expired
17.10- Expired
17.9- SoonLTS
17.8- Expired
17.7- Expired
17.6- ExpiredLTS
17.5- Expired
17.4- Expired
17.3- ExpiredLTS
17.2- Expired
17.1- Expired
16.12- ExpiredLTS

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Cisco IOS XE”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-03-25
High

CVE-2026-20125

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly,…

CVSS: 7.7 CWE: CWE-228 - Improper Handling of Syntactically Invalid Structure View on NVD
Medium

CVE-2026-20115

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuratio…

CVSS: 6.1 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2026-20114

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that wou…

CVSS: 5.4 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
Medium

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return l…

CVSS: 5.3 CWE: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection') View on NVD
Medium

CVE-2026-20112

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site s…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2026-20110

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists becau…

CVSS: 6.5 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2026-20104

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Swi…

CVSS: 6.1 CWE: CWE-124 - Buffer Underwrite ('Buffer Underflow') View on NVD
High

CVE-2026-20086

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an una…

CVSS: 8.6 CWE: CWE-230 - Improper Handling of Missing Values View on NVD
High

CVE-2026-20084

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of se…

CVSS: 8.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-20083

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition…

CVSS: 6.5 CWE: CWE-235 - Improper Handling of Extra Parameters View on NVD
High

CVE-2026-20012

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure…

CVSS: 8.6 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2026-20004

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to im…

CVSS: 7.4 CWE: CWE-771 - Missing Reference to Active Allocated Resource View on NVD
2025-09-25
Critical

CVE-2025-20363

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software…

CVSS: 9.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2025-09-24
High

CVE-2025-20352

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low p…

CVSS: 7.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating syste…

CVSS: 6.0 CWE: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters View on NVD
Medium

CVE-2025-20316

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a co…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-20315

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a d…

CVSS: 8.6 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Medium

CVE-2025-20314

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute per…

CVSS: 6.7 CWE: CWE-232 - Improper Handling of Undefined Values View on NVD
Medium

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute…

CVSS: 6.7 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2025-20312

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an af…

CVSS: 7.7 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2025-20311

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to beco…

CVSS: 7.4 CWE: CWE-19 View on NVD
Medium

CVE-2025-20293

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the p…

CVSS: 5.3 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2025-20240

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected devi…

CVSS: 6.1 CWE: CWE-692 - Incomplete Denylist to Cross-Site Scripting View on NVD
High

CVE-2025-20160

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authenti…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2025-20149

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of se…

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Thi…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-05-07
Medium

CVE-2025-20221

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or…

CVSS: 4.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-20202

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabilit…

CVSS: 7.4 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Medium

CVE-2025-20201

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affecte…

CVSS: 6.7 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-20200

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affecte…

CVSS: 6.7 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-20199

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affecte…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2025-20198

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affecte…

CVSS: 4.6 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-20197

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affecte…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hos…

CVSS: 5.3 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
Medium

CVE-2025-20195

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.…

CVSS: 5.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2025-20193

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.…

CVSS: 6.5 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2025-20192

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The…

CVSS: 7.7 CWE: CWE-232 - Improper Handling of Undefined Values View on NVD
High

CVE-2025-20191

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could all…

CVSS: 7.4 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Medium

CVE-2025-20190

A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affec…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-20189

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthentica…

CVSS: 7.4 CWE: CWE-762 - Mismatched Memory Management Routines View on NVD
Critical

CVE-2025-20188

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLC…

CVSS: 10.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2025-20186

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user accoun…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2025-20182

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Softwa…

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-20162

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of…

CVSS: 8.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-20155

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insuffic…

CVSS: 6.0 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-20154

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-20151

A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacke…

CVSS: 4.3 CWE: CWE-16 View on NVD
High

CVE-2025-20140

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial…

CVSS: 7.4 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
2025-02-05
High

CVE-2025-20176

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-20175

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-20174

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-20173

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-20172

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected dev…

CVSS: 7.7 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-20171

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-20170

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-20169

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerabili…

CVSS: 7.7 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
2024-11-15
Medium

CVE-2024-20373

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenti…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
2024-09-25
Medium

CVE-2024-20510

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication ac…

CVSS: 4.7 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured sec…

CVSS: 5.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-20480

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliz…

CVSS: 8.6 CWE: CWE-783 - Operator Precedence Logic Error View on NVD
High

CVE-2024-20467

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition o…

CVSS: 8.6 CWE: CWE-399 View on NVD
High

CVE-2024-20464

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-20455

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote a…

CVSS: 8.6 CWE: CWE-371 View on NVD
High

CVE-2024-20437

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute comman…

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-20436

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co…

CVSS: 8.6 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerabili…

CVSS: 4.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to relo…

CVSS: 8.6 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-20414

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affec…

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
2024-04-24
High

CVE-2024-20313

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a de…

CVSS: 7.4 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-03-27
High

CVE-2024-20308

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected dev…

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-20307

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected devi…

CVSS: 6.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-20324

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due…

CVSS: 5.5 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD
Medium

CVE-2024-20316

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured…

CVSS: 5.8 CWE: CWE-390 - Detection of Error Condition Without Action View on NVD
High

CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and sto…

CVSS: 8.6 CWE: CWE-783 - Operator Precedence Logic Error View on NVD
High

CVE-2024-20312

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial…

CVSS: 7.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-20311

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to rel…

CVSS: 8.6 CWE: CWE-674 - Uncontrolled Recursion View on NVD
Medium

CVE-2024-20309

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This…

CVSS: 5.6 CWE: CWE-828 - Signal Handler with Functionality that is not Asynchronous-Safe View on NVD
Medium

CVE-2024-20306

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying hos…

CVSS: 6.0 CWE: CWE-233 - Improper Handling of Parameters View on NVD
High

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service…

CVSS: 7.4 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2024-20278

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to impr…

CVSS: 6.5 CWE: CWE-184 - Incomplete List of Disallowed Inputs View on NVD
High

CVE-2024-20259

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of serv…

CVSS: 8.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-10-25
High

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2023-10-16
Critical

CVE-2023-20198

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Softwar…

CVSS: 10.0 CWE: CWE-420 - Unprotected Alternate Channel View on NVD
2023-10-04
Medium

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker t…

CVSS: 6.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-09-27
High

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insuffi…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-20227

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected d…

CVSS: 8.6 CWE: CWE-388 View on NVD
High

CVE-2023-20226

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to…

CVSS: 8.6 CWE: CWE-456 - Missing Initialization of a Variable View on NVD
Medium

CVE-2023-20202

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS…

CVSS: 6.1 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacke…

CVSS: 8.6 CWE: CWE-823 - Use of Out-of-range Pointer Offset View on NVD
High

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command auth…

CVSS: 8.0 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative contr…

CVSS: 6.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-20033

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly,…

CVSS: 8.6 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2023-03-23
Medium

CVE-2023-20100

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could…

CVSS: 6.8 CWE: CWE-694 - Use of Multiple Resources with Duplicate Identifier View on NVD
Medium

CVE-2023-20082

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical acc…

CVSS: 6.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2023-20081

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Softwa…

CVSS: 6.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service…

CVSS: 7.4 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2023-20066

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint o…

CVSS: 6.5 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vuln…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-20035

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficie…

CVSS: 7.8 CWE: CWE-146 - Improper Neutralization of Expression/Command Delimiters View on NVD
Medium

CVE-2023-20029

A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due t…

CVSS: 4.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

CVSS: 8.6 CWE: CWE-416 - Use After Free View on NVD
2022-10-10
Medium

CVE-2022-20944

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned…

CVSS: 6.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is du…

CVSS: 7.7 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2022-20915

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of serv…

CVSS: 7.4 CWE: CWE-115 - Misinterpretation of Input View on NVD
High

CVE-2022-20870

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote…

CVSS: 8.6 CWE: CWE-130 - Improper Handling of Length Parameter Inconsistency View on NVD
Medium

CVE-2022-20864

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the config…

CVSS: 4.6 CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory View on NVD
High

CVE-2022-20837

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to…

CVSS: 8.6 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2022-09-30
High

CVE-2022-20919

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker t…

CVSS: 8.6 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2022-20856

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allo…

CVSS: 8.6 CWE: CWE-664 - Improper Control of a Resource Through its Lifetime View on NVD
High

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restr…

CVSS: 7.9 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2022-20851

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to in…

CVSS: 5.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2022-20850

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affe…

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2022-20848

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to…

CVSS: 8.6 CWE: CWE-399 View on NVD
High

CVE-2022-20847

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of ser…

CVSS: 8.6 CWE: CWE-399 View on NVD
Medium

CVE-2022-20810

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sens…

CVSS: 6.5 CWE: CWE-202 - Exposure of Sensitive Information Through Data Queries View on NVD
2022-04-15
High

CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerab…

CVSS: 8.6 CWE: CWE-691 - Insufficient Control Flow Management View on NVD
Medium

CVE-2022-20694

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Pro…

CVSS: 6.8 CWE: CWE-617 - Reachable Assertion View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox