386 matches found
CVE-2025-20149
CVE-2025-20149 affects Cisco IOS and IOS XE CLI, where a buffer overflow in the CLI could be triggered by crafted commands from a low-privileged, authenticated user to cause an unexpected device reload (DoS). The vulnerability is local-attack accessible (LOCAL), with LOW privileges required and n...
CVE-2025-20327
CVE-2025-20327 : Cisco IOS Software web UI vulnerability caused by improper input validation. An authenticated, low-privilege attacker can craft a URL in an HTTP request to trigger a reload and DoS. The issue affects the Cisco IOS/Web UI and has a CVSS:3.1 base score of 7.7 (Network, Low Privileg...
CVE-2025-20352
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service DoS condition on an affected device that is running Cisco IOS...
Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...
PT-2025-33327
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco Secure Firewall Adaptive Security Appliance ASA Software affected versions not specified Cisco Secure Firewall Threat Defense FTD...
PT-2025-30323 · Ibm · Ibm Cognos Analytics Mobile
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile iOS versions 1.1.0 through 1.1.22 Description: IBM Cognos Analytics Mobile iOS may expose information due to the use of unencrypted network traffic. Recommendations: IBM Cognos Analytics Mobile iOS versions prior t...
CVE-2024-20414
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...
CVE-2024-20465
A vulnerability in the access control list ACL programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs o...
CVE-2024-20373
A vulnerability in the implementation of the Simple Network Management Protocol SNMP IPv4 access control list ACL feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...
CVE-2024-20307
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly...
CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
CVE-2025-20181
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...
CVE-2025-20151
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 SNMPv3 feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from ...
CVE-2025-20191
A vulnerability in the Switch Integrated Security Features SISF of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected...
CVE-2025-20154
A vulnerability in the Two-Way Active Measurement Protocol TWAMP server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service DoS condition. For Cisco IOS XR Software, this...
CVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...
CVE-2025-20191
A vulnerability in the Switch Integrated Security Features SISF of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected...
CVE-2025-20164
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager DM of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...
CVE-2025-20181
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...
CVE-2025-20154
A vulnerability in the Two-Way Active Measurement Protocol TWAMP server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service DoS condition. For Cisco IOS XR Software, this...