VYPR

iOS Xe

by Cisco Systems, Inc.

CVEs (220)

  • CVE-2016-6403MedSep 18, 2016
    risk 0.38cvss 5.9epss 0.02

    The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.

  • CVE-2018-0123MedFeb 8, 2018
    risk 0.36cvss 5.5epss 0.00

    A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be…

  • CVE-2017-12211MedSep 7, 2017
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker…

  • CVE-2016-1459MedJul 17, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.

  • CVE-2017-6795MedSep 7, 2017
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is…

  • CVE-2017-12213MedSep 7, 2017
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the…

  • CVE-2017-6770MedAug 7, 2017
    risk 0.27cvss 4.2epss 0.02

    Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA)…

  • CVE-2016-6450LowNov 19, 2016
    risk 0.16cvss 2.5epss 0.00

    A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release…

  • CVE-2024-20480Sep 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition…

  • CVE-2023-20186Sep 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using…

  • CVE-2023-20080Mar 23, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries.…

  • CVE-2021-34705Sep 23, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient…

  • CVE-2021-34699Sep 23, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could…

  • CVE-2021-1392Mar 24, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability…

  • CVE-2020-3417Sep 24, 2020
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An…

  • CVE-2019-12668Sep 25, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The…

  • CVE-2019-12654Sep 25, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to…

  • CVE-2019-12647Sep 25, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL…

  • CVE-2019-1761Mar 28, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory…

  • CVE-2019-1757Mar 28, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation…

Page 5 of 11