Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ios_xe
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 489 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-24 | CVE-2020-3422 | A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected... | Ios_xe | 7.5 | ||
| 2020-09-24 | CVE-2020-3428 | A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit... | Ios_xe | 6.5 | ||
| 2021-01-13 | CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | Firepower_management_center, Firepower_threat_defense, Ios_xe, Snort | 7.5 | ||
| 2021-01-13 | CVE-2021-1236 | Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious... | Firepower_management_center, Firepower_threat_defense, Ios_xe, Snort | 5.3 | ||
| 2018-06-07 | CVE-2018-0315 | A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this... | Ios_xe | 9.8 | ||
| 2020-06-03 | CVE-2020-3227 | A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and... | Ios_xe | 9.8 | ||
| 2019-05-13 | CVE-2019-1649 | A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the... | 15454\-M\-Wse\-K9_firmware, Analog_voice_network_interface_modules_firmware, Asa_5500_firmware, Asr_1000_series_firmware, Asr_1001_firmware, Catalyst_9800\-40_wireless_controller_firmware, Catalyst_9800\-80_wireless_controller_firmware, Encs_5100_firmware, Encs_5400_firmware, Firepower_2100_firmware, Firepower_4000_firmware, Firepower_9000_firmware, Ic3000\-K9_firmware, Industrial_security_appliances_3000_firmware, Integrated_services_router_4200_firmware, Integrated_services_router_4300_firmware, Integrated_services_router_4400_firmware, Integrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmware, Ios, Ios_xe, Ios_xr, Ncs2k\-Mr\-Mxp\-K9_firmware, Nx\-Os, Ons_15454_mstp_firmware, Sm\-X\-1t3\/e3_firmware, Supervisor_a\+_firmware, Supervisor_b\+_firmware | 6.7 | ||
| 2022-09-27 | CVE-2021-27853 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | Catalyst_6503\-E_firmware, Catalyst_6504\-E_firmware, Catalyst_6506\-E_firmware, Catalyst_6509\-E_firmware, Catalyst_6509\-Neb\-A_firmware, Catalyst_6509\-V\-E_firmware, Catalyst_6513\-E_firmware, Catalyst_6800ia_firmware, Catalyst_6807\-Xl_firmware, Catalyst_6840\-X_firmware, Catalyst_6880\-X_firmware, Catalyst_c6816\-X\-Le_firmware, Catalyst_c6824\-X\-Le\-40g_firmware, Catalyst_c6832\-X\-Le_firmware, Catalyst_c6840\-X\-Le\-40g_firmware, Ios_xe, Meraki_ms210_firmware, Meraki_ms225_firmware, Meraki_ms250_firmware, Meraki_ms350_firmware, Meraki_ms355_firmware, Meraki_ms390_firmware, Meraki_ms410_firmware, Meraki_ms420_firmware, Meraki_ms425_firmware, Meraki_ms450_firmware, N9k\-C9316d\-Gx_firmware, N9k\-C9332d\-Gx2b_firmware, N9k\-C9348d\-Gx2a_firmware, N9k\-C93600cd\-Gx_firmware, N9k\-C9364d\-Gx2a_firmware, N9k\-X9432c\-S_firmware, N9k\-X9464px_firmware, N9k\-X9464tx2_firmware, N9k\-X9564px_firmware, N9k\-X9564tx_firmware, N9k\-X9636c\-R_firmware, N9k\-X9636c\-Rx_firmware, N9k\-X97160yc\-Ex_firmware, N9k\-X9732c\-Ex_firmware, N9k\-X9732c\-Fx_firmware, N9k\-X9736c\-Ex_firmware, N9k\-X9736c\-Fx_firmware, N9k\-X9788tc\-Fx_firmware, Nexus_92160yc\-X_firmware, Nexus_92300yc_firmware, Nexus_92304qc_firmware, Nexus_92348gc\-X_firmware, Nexus_9236c_firmware, Nexus_9272q_firmware, Nexus_93108tc\-Ex_firmware, Nexus_93108tc\-Fx3p_firmware, Nexus_93108tc\-Fx_firmware, Nexus_93120tx_firmware, Nexus_93180yc\-Ex_firmware, Nexus_93180yc\-Fx3_firmware, Nexus_93180yc\-Fx_firmware, Nexus_93216tc\-Fx2_firmware, Nexus_93240yc\-Fx2_firmware, Nexus_9332c_firmware, Nexus_93360yc\-Fx2_firmware, Nexus_9336c\-Fx2\-E_firmware, Nexus_9336c\-Fx2_firmware, Nexus_9348gc\-Fxp_firmware, Nexus_9364c\-Gx_firmware, Nexus_9364c_firmware, Nexus_9432pq_firmware, Nexus_9504_firmware, Nexus_9508_firmware, Nexus_9516_firmware, Nexus_9536pq_firmware, Nexus_9636pq_firmware, Nexus_9716d\-Gx_firmware, Nexus_9736pq_firmware, Nexus_9800_firmware, Nexus_x9636q\-R_firmware, Sf500\-18p_firmware, Sf500\-24_firmware, Sf500\-24p_firmware, Sf500\-48_firmware, Sf500\-48mp_firmware, Sf\-500\-24mp_firmware, Sg500\-28_firmware, Sg500\-28mpp_firmware, Sg500\-28p_firmware, Sg500\-52_firmware, Sg500\-52mp_firmware, Sg500\-52p_firmware, Sg500x\-24_firmware, Sg500x\-24mpp_firmware, Sg500x\-24p_firmware, Sg500x\-48_firmware, Sg500x\-48mpp_firmware, Sg500x\-48p_firmware, Ieee_802\.2, P802\.1q | 4.7 | ||
| 2020-09-24 | CVE-2020-3403 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a... | Ios_xe | 7.8 | ||
| 2020-09-24 | CVE-2020-3409 | A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A... | Ios, Ios_xe | 7.4 |