VYPR

IOS and IOS XE Software

by Cisco Systems, Inc.

CVEs (32)

  • CVE-2022-20694 · Med · Apr 15, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition.…

  • CVE-2022-20679 · Med · Apr 15, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while…

  • CVE-2021-34729 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments…

  • CVE-2021-34703 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2023-20066 · Med · Mar 23, 2023
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…

  • CVE-2022-20944 · Med · Oct 10, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the…

  • CVE-2021-34697 · Med · Sep 23, 2021
    risk 0.38 · cvss 5.8 · epss 0.01

    A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect…

  • CVE-2022-20851 · Med · Sep 30, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2021-34705 · Med · Sep 23, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient…

  • CVE-2022-20676 · Med · Apr 15, 2022
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed…

  • CVE-2022-20693 · Med · Apr 15, 2022
    risk 0.31 · cvss 4.7 · epss 0.02

    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2023-20029 · Med · Mar 23, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected…
