Ios Xe@16.12.6a Security Vulnerabilities and Issues — Ios Xe@16.12.6a CVE List

Lucene search

CiscoIos Xe16.12.6a

36 matches found

CVE•added 2022/04/15 3:15 p.m.•949 views

CVE-2022-20693

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input t...

9CVSS5.8AI score0.01709EPSS

CVE•added 2023/10/25 6:17 p.m.•636 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web U...

7.2CVSS8.2AI score0.92207EPSS

CVE•added 2023/09/27 6:15 p.m.•347 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.1AI score0.00879EPSS

CVE•added 2024/09/25 5:15 p.m.•142 views

CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a bu...

8.6CVSS7.6AI score0.00318EPSS

CVE•added 2022/04/15 3:15 p.m.•136 views

CVE-2022-20681

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation ...

7.8CVSS7.8AI score0.00111EPSS

CVE•added 2022/04/15 3:15 p.m.•121 views

CVE-2022-20679

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured ...

7.7CVSS7.2AI score0.00711EPSS

CVE•added 2023/03/23 5:15 p.m.•118 views

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could e...

8.6CVSS7.7AI score0.00135EPSS

CVE•added 2023/09/27 6:15 p.m.•112 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00111EPSS

CVE•added 2022/04/15 3:15 p.m.•107 views

CVE-2022-20682

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This v...

8.6CVSS8.4AI score0.00424EPSS

CVE•added 2023/09/27 6:15 p.m.•102 views

CVE-2023-20033

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource man...

8.6CVSS8.4AI score0.00159EPSS

CVE•added 2023/09/27 6:15 p.m.•92 views

CVE-2023-20227

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exp...

8.6CVSS7.5AI score0.0047EPSS

CVE•added 2023/09/27 6:15 p.m.•90 views

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the we...

8.8CVSS9AI score0.00636EPSS

CVE•added 2022/04/15 3:15 p.m.•89 views

CVE-2022-20683

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to i...

8.6CVSS8.5AI score0.00187EPSS

CVE•added 2025/02/05 5:15 p.m.•80 views

CVE-2025-20169

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnera...

7.7CVSS7AI score0.00185EPSS

CVE•added 2023/03/23 5:15 p.m.•79 views

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of...

7.4CVSS6.7AI score0.00045EPSS

CVE•added 2022/04/15 3:15 p.m.•72 views

CVE-2022-20692

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vul...

7.7CVSS6.5AI score0.00316EPSS

CVE•added 2024/03/27 6:15 p.m.•66 views

CVE-2024-20308

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly ...

8.6CVSS7.2AI score0.00992EPSS

CVE•added 2024/03/27 5:15 p.m.•62 views

CVE-2024-20312

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input va...

7.4CVSS6.8AI score0.00065EPSS

CVE•added 2025/02/05 5:15 p.m.•61 views

CVE-2025-20176

7.7CVSS7.2AI score0.00076EPSS

CVE•added 2024/09/25 5:15 p.m.•55 views

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vuln...

4.3CVSS7AI score0.00064EPSS

CVE•added 2024/09/25 5:15 p.m.•53 views

CVE-2024-20480

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual...

8.6CVSS7.2AI score0.00181EPSS

CVE•added 2025/02/05 5:15 p.m.•53 views

CVE-2025-20170

7.7CVSS7AI score0.00185EPSS

CVE•added 2024/09/25 5:15 p.m.•52 views

CVE-2024-20414

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration chan...

6.5CVSS7.1AI score0.00094EPSS

CVE•added 2025/05/07 6:15 p.m.•47 views

CVE-2025-20197

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific config...

8.2CVSS6.6AI score0.00018EPSS

CVE•added 2024/09/25 5:15 p.m.•46 views

CVE-2024-20510

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. T...

9.3CVSS7.2AI score0.00093EPSS

CVE•added 2025/05/07 6:15 p.m.•45 views

CVE-2025-20202

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor ...

7.4CVSS7.3AI score0.00021EPSS

CVE•added 2025/05/07 6:15 p.m.•42 views

CVE-2025-20199

8.2CVSS4.8AI score0.00018EPSS

CVE•added 2025/02/05 5:15 p.m.•41 views

CVE-2025-20171

7.7CVSS7AI score0.00076EPSS

CVE•added 2025/02/05 5:15 p.m.•40 views

CVE-2025-20172

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker co...

7.7CVSS7.1AI score0.00076EPSS

CVE•added 2025/02/05 5:15 p.m.•40 views

CVE-2025-20174

7.7CVSS7.5AI score0.00185EPSS

CVE•added 2025/05/07 6:15 p.m.•40 views

CVE-2025-20198

8.2CVSS4.8AI score0.00018EPSS

CVE•added 2025/02/05 5:15 p.m.•38 views

CVE-2025-20173

7.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/05/07 6:15 p.m.•38 views

CVE-2025-20186

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to ins...

8.8CVSS9.2AI score0.00434EPSS

CVE•added 2025/02/05 5:15 p.m.•37 views

CVE-2025-20175

7.7CVSS7.2AI score0.00185EPSS

CVE•added 2025/05/07 6:15 p.m.•37 views

CVE-2025-20200

8.2CVSS6.6AI score0.00018EPSS

CVE•added 2025/05/07 6:15 p.m.•35 views

CVE-2025-20195

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management inte...

4.3CVSS4.9AI score0.00056EPSS