25 matches found
CVE-2025-20314
CVE-2025-20314 describes a vulnerability in Cisco IOS XE Software where an authenticated local user with level-15 privileges or a physically proximate unauthenticated attacker can cause the device to execute persistent code at boot, effectively breaking the chain of trust. The root cause is impro...
PT-2025-39306
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Command Line Interface CLI of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...
The vulnerability of the microprogrammed software of Ruijie NBR2000G, NBR1300G, and Ruijie NBR1000 lies in the insufficient protection of operational data, allowing attackers to gain access to the administrator account.
The vulnerability of the microprogrammed software of Ruijie NBR2000G, NBR1300G, and Ruijie NBR1000 lies in the insufficient protection of operational data during the processing of the /WEBVMS/LEVEL15/ endpoint. Exploiting this vulnerability can allow a malicious actor to gain access to the...
VulnCheck KEV: CVE-2025-34057
An information disclosure vulnerability exists in Ruijie NBR series routers known to affect NBR2000G, NBR1300G, and NBR1000 models via the /WEBVMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker ca...
CVE-2025-20198
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...
CVE-2025-20200
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...
CVE-2025-20186
A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to...
CVE-2024-20306
A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
CVE-2023-20231
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...
PT-2023-2222 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...
PT-2022-7009 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Authentication, Authorization, and Accounting AAA feature could allow an authenticated, remote attacker to bypass command...
CVE-2022-20855
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...
CVE-2022-20681
A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validatio...
PT-2022-2745 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers affected versions not specified Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated,...
Cisco IOS XE Software 日志信息泄露漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play PnP subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...
Cisco IOS XE Software 安全漏洞
Cisco IOS is an operation and maintenance system developed by Cisco for its network equipment, where users set up the functions of the network equipment through the command line human-machine interface. IOS XE is a modular operating system based on Linux kernel developed for its network equipment...
CVE-2020-3210
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...
CVE-2020-3208
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...
PT-2019-3616 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Copy SCP feature could allow an authenticated, remote attacker to cause a denial of service DoS condition. The issue is...
Cisco IOS XE Command Injection Vulnerability (CNVD-2019-34374)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A command injection vulnerability exists in the web-based user interface of Cisco IOS XE, which can be exploited to execute Cisco IOS commands with elevated privileges level 15 via...