IOS XE Software for Cisco Meraki

by Cisco Systems, Inc.

CVEs (273)

  • CVE-2018-0470 | High | Oct 5, 2018
    risk 0.56 | cvss 8.6 | epss 0.04

    A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software…

  • CVE-2023-20109 | Medium | KEV | Sep 27, 2023
    risk 0.55 | cvss 6.6 | epss 0.02

    A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an…

  • CVE-2019-1950 | High | Feb 19, 2020
    risk 0.55 | cvss 8.4 | epss 0.00

    A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker…

  • CVE-2021-1451 | High | Mar 24, 2021
    risk 0.53 | cvss 8.1 | epss 0.03

    A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux…

  • CVE-2021-1433 | High | Mar 24, 2021
    risk 0.53 | cvss 8.1 | epss 0.02

    A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could…

  • CVE-2018-15372 | High | Oct 5, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3…

  • CVE-2023-20186 | High | Sep 27, 2023
    risk 0.52 | cvss 8.0 | epss 0.01

    A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using…

  • CVE-2023-20065 | High | Mar 23, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An…

  • CVE-2023-20035 | High | Mar 23, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run…

  • CVE-2022-20855 | High | Sep 30, 2022
    risk 0.51 | cvss 7.9 | epss 0.00

    A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying…

  • CVE-2022-20681 | High | Apr 15, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to…

  • CVE-2021-1529 | High | Oct 21, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability…

  • CVE-2021-1442 | High | Mar 24, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to…

  • CVE-2020-3404 | High | Sep 24, 2020
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability…

  • CVE-2020-3403 | High | Sep 24, 2020
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC…

  • CVE-2019-16011 | High | Apr 29, 2020
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2019-1745 | High | Mar 28, 2019
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit…

  • CVE-2022-20692 | High | Apr 15, 2022
    risk 0.50 | cvss 7.7 | epss 0.01

    A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker…

  • CVE-2021-1623 | High | Sep 23, 2021
    risk 0.50 | cvss 7.7 | epss 0.01

    A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability…

  • CVE-2021-1431 | High | Mar 24, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker…