VYPR

Cisco iOS

by Cisco Systems, Inc.

CVEs (818)

  • CVE-2018-0123 | Med | Feb 8, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be…

  • CVE-2010-3049 | Med | Sep 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

  • CVE-2026-28819 | Med | May 11, 2026
    risk 0.35 | cvss 5.4 | epss 0.07

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-34705 | Med | Sep 23, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient…

  • CVE-2021-1460 | Med | Mar 24, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to…

  • CVE-2018-0484 | Med | Jan 10, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The…

  • CVE-2017-12211 | Med | Sep 7, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker…

  • CVE-2017-6624 | Med | May 3, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected…

  • CVE-2016-6398 | Med | Sep 12, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

  • CVE-2016-1459 | Med | Jul 17, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.

  • CVE-2016-1378 | Med | Apr 14, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

  • CVE-2026-28994 | Med | May 11, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position…

  • CVE-2026-20195 | Med | May 6, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called.…

  • CVE-2026-20152 | Med | Apr 15, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied…

  • CVE-2026-20676 | Med | Feb 11, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

  • CVE-2026-20673 | Med | Feb 11, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages" may not apply to all mail previews.

  • CVE-2025-43444 | Med | Nov 4, 2025
    risk 0.34 | cvss 5.3 | epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

  • CVE-2025-20196 | Med | May 7, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)…

  • CVE-2021-1391 | Med | Mar 24, 2021
    risk 0.33 | cvss 5.1 | epss 0.00

    A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the…

  • CVE-2026-28967 | Med | May 11, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.
