Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CiscoIos Xe

520 matches found

CVE
CVEadded 2019/03/28 1:29 a.m.112 views

CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker co...

4.3CVSS4.3AI score0.00074EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.112 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00111EPSS
CVE
CVEadded 2019/09/25 8:15 p.m.111 views

CVE-2019-12650

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

9CVSS8.4AI score0.10821EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.111 views

CVE-2022-20694

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability i...

7.1CVSS6.6AI score0.0036EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.110 views

CVE-2018-0197

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a log...

6.5CVSS6.5AI score0.00149EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.109 views

CVE-2018-0196

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

4.9CVSS5.2AI score0.00142EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.107 views

CVE-2022-20682

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This v...

8.6CVSS8.4AI score0.00424EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.106 views

CVE-2015-6360

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

7.8CVSS7.1AI score0.12366EPSS
CVE
CVEadded 2016/05/29 10:59 p.m.106 views

CVE-2016-1409

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in ...

7.5CVSS7.1AI score0.04038EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.106 views

CVE-2018-0189

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursi...

7.1CVSS5.4AI score0.00336EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.104 views

CVE-2022-20724

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

7.6CVSS5.9AI score0.00582EPSS
CVE
CVEadded 2022/09/30 7:15 p.m.104 views

CVE-2022-20919

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition....

8.6CVSS7.9AI score0.00194EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.104 views

CVE-2023-20081

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a...

6.8CVSS6.2AI score0.00152EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.103 views

CVE-2018-15373

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to im...

7.4CVSS7.5AI score0.00227EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.102 views

CVE-2021-1384

A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages load...

8.5CVSS7AI score0.22405EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.102 views

CVE-2023-20033

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource man...

8.6CVSS8.4AI score0.00159EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.100 views

CVE-2022-20721

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00553EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.99 views

CVE-2018-15371

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authenti...

7.2CVSS6.7AI score0.00048EPSS
CVE
CVEadded 2022/09/27 6:15 p.m.99 views

CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

4.7CVSS4.7AI score0.00018EPSS
CVE
CVEadded 2019/03/27 11:29 p.m.98 views

CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is du...

8.6CVSS8.4AI score0.01156EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.98 views

CVE-2020-3228

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists bec...

8.6CVSS7.3AI score0.01654EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.98 views

CVE-2022-20718

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01869EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.97 views

CVE-2018-0475

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cl...

7.4CVSS7.3AI score0.00421EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.97 views

CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which le...

7.7CVSS7.5AI score0.01166EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.97 views

CVE-2022-20723

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01255EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.96 views

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could e...

8.6CVSS7.6AI score0.00149EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.95 views

CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation ...

7.4CVSS6.9AI score0.00145EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.94 views

CVE-2018-0164

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending craf...

8.6CVSS8.5AI score0.00484EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.94 views

CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

8.6CVSS8.3AI score0.00447EPSS
CVE
CVEadded 2023/10/04 5:15 p.m.94 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker ...

8.8CVSS8.4AI score0.00177EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.93 views

CVE-2022-20725

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

5.5CVSS5.9AI score0.00764EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.92 views

CVE-2018-0176

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software...

7.8CVSS8.1AI score0.00168EPSS
CVE
CVEadded 2019/08/28 7:15 p.m.92 views

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST AP...

10CVSS9.6AI score0.19631EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.92 views

CVE-2023-20227

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exp...

8.6CVSS7.5AI score0.0047EPSS
CVE
CVEadded 2017/04/20 10:59 p.m.91 views

CVE-2017-3861

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. The...

8.6CVSS8.8AI score0.00683EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.91 views

CVE-2020-3201

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient i...

6CVSS5.8AI score0.00129EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.91 views

CVE-2022-20676

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpret...

7.2CVSS6.4AI score0.00028EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.91 views

CVE-2022-20720

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.00566EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.90 views

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the we...

8.8CVSS9AI score0.00636EPSS
CVE
CVEadded 2017/03/22 7:59 p.m.89 views

CVE-2017-3857

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient valida...

7.8CVSS7.5AI score0.01141EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.89 views

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates....

7.4CVSS7.4AI score0.00421EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.89 views

CVE-2022-20683

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to i...

8.6CVSS8.5AI score0.00187EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.89 views

CVE-2022-20722

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00553EPSS
CVE
CVEadded 2018/02/08 7:29 a.m.88 views

CVE-2018-0123

A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of t...

5.5CVSS5.4AI score0.00078EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.88 views

CVE-2018-0184

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly ...

7.2CVSS7AI score0.00062EPSS
CVE
CVEadded 2022/10/10 9:15 p.m.87 views

CVE-2022-20944

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that ...

6.8CVSS6.5AI score0.0001EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.87 views

CVE-2023-20097

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker w...

6.7CVSS5.7AI score0.00055EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.86 views

CVE-2023-20226

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to ...

8.6CVSS7.5AI score0.00178EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.85 views

CVE-2018-0485

A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, result...

8.6CVSS8.4AI score0.06054EPSS
CVE
CVEadded 2019/05/13 8:29 p.m.85 views

CVE-2019-1862

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes u...

9CVSS7.1AI score0.00965EPSS
Total number of security vulnerabilities520