Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ios_xe
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 495 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-15 | CVE-2022-20722 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | Ios_xe | 4.9 | ||
| 2022-04-15 | CVE-2022-20723 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | Ios_xe | 7.2 | ||
| 2022-04-15 | CVE-2022-20724 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | Cgr1000_compute_module, Ic3000_industrial_compute_gateway, Ios, Ios_xe | 5.3 | ||
| 2022-04-15 | CVE-2022-20727 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | Cgr1000_compute_module, Ic3000_industrial_compute_gateway, Ios, Ios_xe, Ir510_operating_system | 6.7 | ||
| 2022-09-27 | CVE-2021-27853 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | Catalyst_6503\-E_firmware, Catalyst_6504\-E_firmware, Catalyst_6506\-E_firmware, Catalyst_6509\-E_firmware, Catalyst_6509\-Neb\-A_firmware, Catalyst_6509\-V\-E_firmware, Catalyst_6513\-E_firmware, Catalyst_6800ia_firmware, Catalyst_6807\-Xl_firmware, Catalyst_6840\-X_firmware, Catalyst_6880\-X_firmware, Catalyst_c6816\-X\-Le_firmware, Catalyst_c6824\-X\-Le\-40g_firmware, Catalyst_c6832\-X\-Le_firmware, Catalyst_c6840\-X\-Le\-40g_firmware, Ios_xe, Meraki_ms210_firmware, Meraki_ms225_firmware, Meraki_ms250_firmware, Meraki_ms350_firmware, Meraki_ms355_firmware, Meraki_ms390_firmware, Meraki_ms410_firmware, Meraki_ms420_firmware, Meraki_ms425_firmware, Meraki_ms450_firmware, N9k\-C9316d\-Gx_firmware, N9k\-C9332d\-Gx2b_firmware, N9k\-C9348d\-Gx2a_firmware, N9k\-C93600cd\-Gx_firmware, N9k\-C9364d\-Gx2a_firmware, N9k\-X9432c\-S_firmware, N9k\-X9464px_firmware, N9k\-X9464tx2_firmware, N9k\-X9564px_firmware, N9k\-X9564tx_firmware, N9k\-X9636c\-R_firmware, N9k\-X9636c\-Rx_firmware, N9k\-X97160yc\-Ex_firmware, N9k\-X9732c\-Ex_firmware, N9k\-X9732c\-Fx_firmware, N9k\-X9736c\-Ex_firmware, N9k\-X9736c\-Fx_firmware, N9k\-X9788tc\-Fx_firmware, Nexus_92160yc\-X_firmware, Nexus_92300yc_firmware, Nexus_92304qc_firmware, Nexus_92348gc\-X_firmware, Nexus_9236c_firmware, Nexus_9272q_firmware, Nexus_93108tc\-Ex_firmware, Nexus_93108tc\-Fx3p_firmware, Nexus_93108tc\-Fx_firmware, Nexus_93120tx_firmware, Nexus_93180yc\-Ex_firmware, Nexus_93180yc\-Fx3_firmware, Nexus_93180yc\-Fx_firmware, Nexus_93216tc\-Fx2_firmware, Nexus_93240yc\-Fx2_firmware, Nexus_9332c_firmware, Nexus_93360yc\-Fx2_firmware, Nexus_9336c\-Fx2\-E_firmware, Nexus_9336c\-Fx2_firmware, Nexus_9348gc\-Fxp_firmware, Nexus_9364c\-Gx_firmware, Nexus_9364c_firmware, Nexus_9432pq_firmware, Nexus_9504_firmware, Nexus_9508_firmware, Nexus_9516_firmware, Nexus_9536pq_firmware, Nexus_9636pq_firmware, Nexus_9716d\-Gx_firmware, Nexus_9736pq_firmware, Nexus_9800_firmware, Nexus_x9636q\-R_firmware, Sf500\-18p_firmware, Sf500\-24_firmware, Sf500\-24p_firmware, Sf500\-48_firmware, Sf500\-48mp_firmware, Sf\-500\-24mp_firmware, Sg500\-28_firmware, Sg500\-28mpp_firmware, Sg500\-28p_firmware, Sg500\-52_firmware, Sg500\-52mp_firmware, Sg500\-52p_firmware, Sg500x\-24_firmware, Sg500x\-24mpp_firmware, Sg500x\-24p_firmware, Sg500x\-48_firmware, Sg500x\-48mpp_firmware, Sg500x\-48p_firmware, Ieee_802\.2, P802\.1q | 4.7 | ||
| 2022-09-30 | CVE-2022-20848 | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload,... | Ios_xe | 7.5 | ||
| 2022-09-30 | CVE-2022-20810 | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view... | Ios_xe | 6.5 | ||
| 2022-09-30 | CVE-2022-20847 | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | Ios_xe | 7.5 | ||
| 2022-09-30 | CVE-2022-20851 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker... | Ios_xe | 7.2 | ||
| 2022-09-30 | CVE-2022-20919 | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A... | Ios_xe | 7.5 |