VYPR

IOS and IOS XE Software

by Cisco Systems, Inc.

CVEs (24)

  • CVE-2023-20033 | High | Sep 27, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due…

  • CVE-2023-20080 | High | Mar 23, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries.…

  • CVE-2023-20072 | High | Mar 23, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the…

  • CVE-2023-20027 | High | Mar 23, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper…

  • CVE-2022-20870 | High | Oct 10, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a…

  • CVE-2022-20837 | High | Oct 10, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error…

  • CVE-2022-20919 | High | Sep 30, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of…

  • CVE-2022-20697 | High | Apr 15, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An…

  • CVE-2022-20683 | High | Apr 15, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This…

  • CVE-2022-20678 | High | Apr 15, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments.…

  • CVE-2023-20065 | High | Mar 23, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An…

  • CVE-2022-20681 | High | Apr 15, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to…

  • CVE-2022-20920 | High | Oct 10, 2022
    risk 0.50 | cvss 7.7 | epss 0.01

    A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker…

  • CVE-2022-20692 | High | Apr 15, 2022
    risk 0.50 | cvss 7.7 | epss 0.01

    A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker…

  • CVE-2022-20915 | High | Oct 10, 2022
    risk 0.48 | cvss 7.4 | epss 0.00

    A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper…

  • CVE-2023-20081 | Medium | Mar 23, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

  • CVE-2022-20694 | Medium | Apr 15, 2022
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition.…

  • CVE-2022-20679 | Medium | Apr 15, 2022
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while…

  • CVE-2023-20066 | Medium | Mar 23, 2023
    risk 0.42 | cvss 6.5 | epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…

  • CVE-2022-20944 | Medium | Oct 10, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the…

Page 1 of 2