
35 matches found

Tenable Nessus
added 2026/04/23 12:0 a.m. · 20 views

Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...

5.4 CVSS · 8.8 AI score · 0.00284 EPSS
Exploits 0 · References 4

CVE
added 2026/03/25 4:7 p.m. · 76 views

CVE-2026-20083

CVE-2026-20083 describes a DoS vulnerability in the SCP server feature of Cisco IOS XE. An authenticated, low-privilege local attacker can trigger a reload via a crafted SCP command issued over SSH due to improper handling of a malformed request. The practical impact is a device DoS from unexpect...

6.5 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 0 · References 1

Vulnrichment
added 2026/03/25 4:4 p.m. · 3 views

CVE-2026-20125

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation ...

7.7 CVSS · 5.9 AI score · 0.0028 EPSS
Exploits 0 · References 1

NVD
added 2025/09/24 6:15 p.m. · 6 views

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due to path...

6.7 CVSS · 0.0018 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/02/26 12:0 a.m. · 3 views

The vulnerability of the command-line interface of Cisco IOS XR allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the command-line interface of Cisco IOS XR systems is related to improper validation of arguments passed to a specific CLI command. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.5 CVSS · 5.5 AI score · 0.00139 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/10/17 12:0 a.m. · 4 views

The vulnerability of the Central Web Authentication (CWA) component of the Cisco IOS XE operating system allows a hacker to bypass the authentication process and gain access to the protected network segment.

The vulnerability of the Central Web Authentication (CWA) component in the Cisco IOS XE operating system is related to logical errors in the implementation of the access control list (ACL). Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain access to t...

9.3 CVSS · 5.5 AI score · 0.00282 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/09/11 5:15 p.m. · 1 views

CVE-2024-20489

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...

5.5 CVSS · 5.8 AI score · 0.00144 EPSS
Exploits 0 · References 1

CNNVD
added 2024/03/27 12:0 a.m. · 3 views

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from a vulnerabili...

5.6 CVSS · 6.2 AI score · 0.00102 EPSS
Exploits 0 · References 3

OSV
added 2024/03/13 5:15 p.m. · 1 views

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

7.4 CVSS · 5.8 AI score · 0.00336 EPSS
Exploits 0 · References 1

OSV
added 2023/03/23 5:15 p.m. · 4 views

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large...

8.6 CVSS · 5.8 AI score
Exploits 0 · References 1

BDU FSTEC
added 2023/03/23 12:0 a.m. · 4 views

The vulnerability of the packet processing and fragmentation mechanism in Cisco IOS XE tunnel protocol allows an attacker to trigger a service failure.

The vulnerability of the packet processing and fragmentation mechanism in Cisco IOS XE operating systems is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

8.6 CVSS · 7.5 AI score · 0.0098 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/03/09 12:0 a.m. · 3 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which stems from a security issue in GRand Unified Bootloader (GRUB), which can be exploited by an attacker to view sensitive files on the console using the GRUB bootload...

4.6 CVSS · 5.2 AI score · 0.00258 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2021/11/15 12:0 a.m. · 5 views

The vulnerability of the Protection Against Distributed Denial of Service attacks function in Cisco IOS XE allows an attacker to cause a service failure.

The vulnerability of the Protection Against Distributed Denial of Service attacks in Cisco IOS XE operating systems is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

5.8 CVSS · 7.5 AI score · 0.01285 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/09/09 5:15 a.m. · 2 views

CVE-2021-34720

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in ...

8.6 CVSS · 5.8 AI score · 0.01249 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2021/02/16 12:0 a.m. · 3 views

The vulnerability of the file checking function of Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series allows a hacker to execute arbitrary code.

The vulnerability of the file checking function for Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series is related to errors in the cryptographic signature verification. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...

6.8 CVSS · 6.9 AI score · 0.00204 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2020/09/25 12:0 a.m. · 2 views

Cisco IOS XE Denial of Service Vulnerability (CNVD-2020-70971)

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A denial of service vulnerability exists in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE used by Cisco ASR 1000 Series Converged Services Routers. The...

7.4 CVSS · 6.6 AI score · 0.00429 EPSS
Exploits 0 · References 1

OSV
added 2020/09/24 6:15 p.m. · 5 views

CVE-2020-3513

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...

6.7 CVSS · 7.2 AI score · 0.00322 EPSS
Exploits 0 · References 1

OSV
added 2020/09/24 6:15 p.m. · 1 views

CVE-2020-3465

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames on...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 1

Positive Technologies
added 2020/09/24 12:0 a.m. · 5 views

PT-2020-4430 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker...

8.5 CVSS · 8.2 AI score · 0.00911 EPSS
Exploits 0 · References 4

NCSC
added 2020/08/31 12:0 a.m. · 5 views

Vulnerability fixed in Cisco IOS XR

Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...

8.6 CVSS · 6.8 AI score · 0.03959 EPSS
Exploits 0