VYPR

IOS XE Software for Cisco Meraki

by Cisco Systems, Inc.

CVEs (273)

  • CVE-2019-12672MedSep 25, 2019
    risk 0.44cvss 6.8epss 0.01

    A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient…

  • CVE-2019-12666MedSep 25, 2019
    risk 0.44cvss 6.7epss 0.01

    A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker…

  • CVE-2019-12661MedSep 25, 2019
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to…

  • CVE-2019-1760MedMar 28, 2019
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this…

  • CVE-2018-15374MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures…

  • CVE-2018-15371MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has…

  • CVE-2018-15368MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected…

  • CVE-2018-0481MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…

  • CVE-2018-0477MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…

  • CVE-2018-0469MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.03

    A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are…

  • CVE-2021-1371MedMar 24, 2021
    risk 0.43cvss 6.6epss 0.00

    A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This…

  • CVE-2019-1755MedMar 28, 2019
    risk 0.43cvss 6.5epss 0.03

    A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly…

  • CVE-2023-20235MedOct 4, 2023
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability…

  • CVE-2023-20066MedMar 23, 2023
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…

  • CVE-2022-20810MedSep 30, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that…

  • CVE-2020-3487MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3486MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3429MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2020-3428MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2018-0197MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The…

Page 8 of 14