Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...

CVE-2026-20083

CVE-2026-20083 describes a DoS vulnerability in the SCP server feature of Cisco IOS XE. An authenticated, low-privilege local attacker can trigger a reload via a crafted SCP command issued over SSH due to improper handling of a malformed request. The practical impact is a device DoS from unexpect...

CVE-2026-20125

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to improper validation ...

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path...

CVE-2024-20489

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from a vulnerabili...

CVE-2024-20327

A vulnerability in the PPP over Ethernet PPPoE termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service DoS condition. This vulnerability is du...

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service DoS condition. This vulnerability is due to the improper handling of large...

Cisco IOS XR 安全漏洞

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which stems from a security issue in GRand Unified Bootloader GRUB, which can be exploited by an attacker to view sensitive files on the console using the GRUB bootload...

CVE-2021-34720

A vulnerability in the IP Service Level Agreements IP SLA responder and Two-Way Active Measurement Protocol TWAMP features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in ...

Cisco IOS XE Denial of Service Vulnerability (CNVD-2020-70971)

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A denial of service vulnerability exists in the IP Address Resolution Protocol ARP feature of Cisco IOS XE used by Cisco ASR 1000 Series Converged Services Routers. The...

CVE-2020-3513

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...

CVE-2020-3465

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames on...

PT-2020-4430 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker...

Vulnerability fixed in Cisco IOS XR

Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol DVMRP functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person able to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...

CVE-2020-3212

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this...

CVE-2019-1710

A vulnerability in the sysadmin virtual machine VM on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

Multiple Cisco Products IOS XE Software Elevation of Privilege Vulnerability

Cisco 4000 Series Integrated Services Routers and others are different models of router products from Cisco USA. in which IOS XE Software is used. an operating system developed by Cisco for its network devices. An elevation of privilege vulnerability exists in the shell access request mechanism o...

Cisco IOS Software and IOS XE Software Denial of Service Vulnerability (CNVD-2018-07302)

Cisco IOS Software and IOS XE Software are both operating systems developed by Cisco for its network devices. An input validation vulnerability exists in the DHCP option 82 encapsulation feature in Cisco IOS Software and IOS XE Software, which arises from the program's failure to perform full inp...

Cisco IOS XE Software Command Execution Vulnerability

Cisco ASR 920 Series Aggregation Services Routers are Cisco's ASR 920 series of multifunction routers.Cisco IOS XE Software is one of the operating systems dedicated to network devices. An arbitrary command execution vulnerability exists in the USB-modem code of the IOS XE Software in the Cisco A...