VYPR

IOS XE

by Cisco Systems, Inc.

CVEs (220)

  • CVE-2017-3824 | Med | Feb 3, 2017
    risk 0.44 | cvss 6.8 | epss 0.02

    A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running…

  • CVE-2018-0466 | Med | Oct 5, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets.…

  • CVE-2017-12222 | Med | Sep 29, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2017-6665 | Med | Aug 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within…

  • CVE-2017-6606 | Med | Apr 7, 2017
    risk 0.42 | cvss 6.4 | epss 0.01

    A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639…

  • CVE-2017-3820 | Med | Feb 3, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected…

  • CVE-2016-6423 | Med | Oct 5, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.

  • CVE-2016-6412 | Med | Sep 24, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

  • CVE-2014-2146 | Med | Sep 22, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that…

  • CVE-2016-1428 | Med | Jun 23, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.

  • CVE-2016-1432 | Med | Jun 18, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.

  • CVE-2015-6431 | Med | Dec 23, 2015
    risk 0.42 | cvss 6.5 | epss 0.01

    Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

  • CVE-2017-6615 | Med | Apr 20, 2017
    risk 0.41 | cvss 6.3 | epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software…

  • CVE-2017-12272 | Med | Oct 19, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input…

  • CVE-2016-6404 | Med | Sep 18, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.

  • CVE-2017-3850 | Med | Mar 21, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability…

  • CVE-2016-1344 | Med | Mar 26, 2016
    risk 0.39 | cvss 5.9 | epss 0.03

    The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

  • CVE-2018-0131 | Med | Aug 14, 2018
    risk 0.38 | cvss 5.9 | epss 0.02

    A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because…

  • CVE-2017-12228 | Med | Sep 29, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due…

  • CVE-2016-6438 | Med | Oct 27, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following…

Page 4 of 11