443 matches found
Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability
A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to...
Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
A vulnerability in the Two-Way Active Measurement Protocol TWAMP server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service DoS condition. For Cisco IOS XR Software, this...
PT-2025-20263
Name of the Vulnerable Software and Affected Versions Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco NX-OS Software affected versions not specified Cisco Wireless LAN Controller WLC AireOS Software affected versions not specified...
Cisco IOS XE Software Bootstrap Arbitrary File Write (cisco-sa-bootstrap-KfgxYgdh)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient...
CVE-2025-20170
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...
Cisco IOS XE Software SNMP DoS (cisco-sa-snmp-dos-sdxnSUcW)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This...
CVE-2025-20175
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...
CVE-2025-20172
A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker...
CVE-2025-20173
The CVE-2025-20173 issue concerns Cisco IOS/IOS XE/IOS XR SNMP handling. The SNMP subsystem fails to handle certain requests due to improper error handling, enabling an authenticated remote attacker to trigger a denial of service. Affected are SNMP versions 1, 2c, and 3; exploitation requires a v...
Cisco IOS Software and IOS XE Software Access Control Error Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An access control error vulnerability exists in the Simple Network Management Protocol SNMP IPv4 access control list feature of Cisco IOS Software and IOS XE Software, which stems from the program not...
Cisco IOS XE Software Web UI XSRF (cisco-sa-webui-csrf-ycUYxkKO)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands o...
Cisco IOS XE Software Web UI XSRF (cisco-sa-ios-webui-HfwnRgk)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected...
CVE-2024-20508
A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...
CVE-2024-20510
A vulnerability in the Central Web Authentication CWA feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list ACL, which could allow access to network resources before user authentication. Thi...
CVE-2024-20464
A vulnerability in the Protocol Independent Multicast PIM feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An...
CVE-2024-20434
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...
CVE-2024-20455
A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense UTD component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists...
CVE-2024-20434
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...
CVE-2024-20434
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...
CVE-2024-20414
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...