IOS XE Software for Cisco Meraki
CVEs (273)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12672 | Med | 0.44 | 6.8 | 0.01 | Sep 25, 2019 | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient… | ||
| CVE-2019-12666 | Med | 0.44 | 6.7 | 0.01 | Sep 25, 2019 | A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker… | ||
| CVE-2019-12661 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to… | ||
| CVE-2019-1760 | Med | 0.44 | 6.8 | 0.02 | Mar 28, 2019 | A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this… | ||
| CVE-2018-15374 | Med | 0.44 | 6.7 | 0.00 | Oct 5, 2018 | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures… | ||
| CVE-2018-15371 | Med | 0.44 | 6.7 | 0.00 | Oct 5, 2018 | A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has… | ||
| CVE-2018-15368 | Med | 0.44 | 6.7 | 0.00 | Oct 5, 2018 | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected… | ||
| CVE-2018-0481 | Med | 0.44 | 6.7 | 0.00 | Oct 5, 2018 | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes… | ||
| CVE-2018-0477 | Med | 0.44 | 6.7 | 0.00 | Oct 5, 2018 | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes… | ||
| CVE-2018-0469 | Med | 0.44 | 6.8 | 0.03 | Oct 5, 2018 | A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are… | ||
| CVE-2021-1371 | Med | 0.43 | 6.6 | 0.00 | Mar 24, 2021 | A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This… | ||
| CVE-2019-1755 | Med | 0.43 | 6.5 | 0.03 | Mar 28, 2019 | A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly… | ||
| CVE-2023-20235 | Med | 0.42 | 6.5 | 0.01 | Oct 4, 2023 | A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability… | ||
| CVE-2023-20066 | Med | 0.42 | 6.5 | 0.02 | Mar 23, 2023 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security… | ||
| CVE-2022-20810 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2022 | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that… | ||
| CVE-2020-3487 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3486 | Med | 0.42 | 6.5 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3429 | Med | 0.42 | 6.5 | 0.01 | Sep 24, 2020 | A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is… | ||
| CVE-2020-3428 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to… | ||
| CVE-2018-0197 | Med | 0.42 | 6.5 | 0.01 | Oct 5, 2018 | A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The… |
- risk 0.44cvss 6.8epss 0.01
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to…
- risk 0.44cvss 6.8epss 0.02
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…
- risk 0.44cvss 6.8epss 0.03
A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are…
- risk 0.43cvss 6.6epss 0.00
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This…
- risk 0.43cvss 6.5epss 0.03
A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that…
- risk 0.42cvss 6.5epss 0.00
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The…
Page 8 of 14