Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CiscoIos Xe16.6.1

97 matches found

CVE
CVEadded 2017/08/07 6:29 a.m.981 views

CVE-2017-6663

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information: CSCvd88936. Known Affec...

6.5CVSS6.2AI score0.01486EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.591 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web U...

7.2CVSS8.2AI score0.92207EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.344 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.1AI score0.00879EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.201 views

CVE-2020-3204

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is d...

7.2CVSS6.9AI score0.00063EPSS
CVE
CVEadded 2024/09/25 5:15 p.m.142 views

CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a bu...

8.6CVSS7.6AI score0.00318EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.126 views

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large pac...

8.6CVSS8.4AI score0.00625EPSS
CVE
CVEadded 2020/09/24 6:15 p.m.125 views

CVE-2020-3417

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could expl...

7.2CVSS6.4AI score0.00084EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.118 views

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could e...

8.6CVSS7.7AI score0.00135EPSS
CVE
CVEadded 2019/03/28 1:29 a.m.112 views

CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker co...

4.3CVSS4.3AI score0.00074EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.112 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00111EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.111 views

CVE-2022-20694

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability i...

7.1CVSS6.6AI score0.0036EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.110 views

CVE-2018-0197

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a log...

6.5CVSS6.5AI score0.00149EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.104 views

CVE-2022-20724

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

7.6CVSS5.9AI score0.00582EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.102 views

CVE-2023-20033

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource man...

8.6CVSS8.4AI score0.00159EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.100 views

CVE-2022-20721

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00553EPSS
CVE
CVEadded 2019/03/27 11:29 p.m.98 views

CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is du...

8.6CVSS8.4AI score0.01156EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.98 views

CVE-2020-3228

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists bec...

8.6CVSS7.3AI score0.01654EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.98 views

CVE-2022-20718

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01869EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.97 views

CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which le...

7.7CVSS7.5AI score0.01166EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.97 views

CVE-2022-20723

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01255EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.93 views

CVE-2022-20725

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

5.5CVSS5.9AI score0.00764EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.91 views

CVE-2020-3201

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient i...

6CVSS5.8AI score0.00129EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.91 views

CVE-2022-20720

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.00566EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.89 views

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates....

7.4CVSS7.4AI score0.00421EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.89 views

CVE-2022-20722

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00553EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.84 views

CVE-2022-20727

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

7.2CVSS6.3AI score0.00534EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.83 views

CVE-2019-1745

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by ...

8.8CVSS7.9AI score0.0009EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.82 views

CVE-2022-20719

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01577EPSS
CVE
CVEadded 2025/02/05 5:15 p.m.80 views

CVE-2025-20169

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnera...

7.7CVSS7AI score0.00185EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.78 views

CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vul...

8.6CVSS7.6AI score0.00376EPSS
CVE
CVEadded 2018/10/05 2:29 p.m.77 views

CVE-2018-0467

A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a m...

8.6CVSS8.5AI score0.00944EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.77 views

CVE-2019-1752

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this ...

8.6CVSS7.6AI score0.01587EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.77 views

CVE-2019-1753

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) func...

9CVSS8.9AI score0.01162EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.77 views

CVE-2021-1377

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because A...

5.8CVSS5.7AI score0.00544EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.76 views

CVE-2021-1403

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections i...

7.4CVSS7.2AI score0.00109EPSS
CVE
CVEadded 2018/03/28 10:29 p.m.74 views

CVE-2018-0157

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending frag...

8.6CVSS8.4AI score0.02747EPSS
CVE
CVEadded 2019/03/28 1:29 a.m.74 views

CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected soft...

5.9CVSS5.9AI score0.00339EPSS
CVE
CVEadded 2019/03/28 1:29 a.m.74 views

CVE-2019-1762

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handl...

4.4CVSS4.3AI score0.00023EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.74 views

CVE-2022-20684

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of ...

7.4CVSS6.7AI score0.00086EPSS
CVE
CVEadded 2019/03/28 1:29 a.m.72 views

CVE-2019-1759

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic err...

5.3CVSS5.2AI score0.37993EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.72 views

CVE-2020-3209

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages...

7.2CVSS6.9AI score0.0045EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.72 views

CVE-2022-20692

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vul...

7.7CVSS6.5AI score0.00316EPSS
CVE
CVEadded 2021/03/24 9:15 p.m.70 views

CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and bo...

7.2CVSS6.7AI score0.00025EPSS
CVE
CVEadded 2019/03/28 1:29 a.m.69 views

CVE-2019-1755

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

9CVSS7AI score0.00308EPSS
CVE
CVEadded 2020/06/03 6:15 p.m.69 views

CVE-2020-3230

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2...

7.5CVSS7.5AI score0.01961EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.68 views

CVE-2019-1742

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious r...

7.5CVSS5.8AI score0.01145EPSS
CVE
CVEadded 2019/03/28 12:29 a.m.68 views

CVE-2019-1749

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. T...

7.4CVSS7.4AI score0.00378EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.68 views

CVE-2021-1619

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected d...

9.8CVSS9.8AI score0.01446EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.68 views

CVE-2021-34705

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial s...

5.3CVSS5.4AI score0.00552EPSS
CVE
CVEadded 2017/08/07 6:29 a.m.66 views

CVE-2017-6664

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected dev...

7.5CVSS7.5AI score0.00359EPSS
Total number of security vulnerabilities97