Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CiscoIos Xe17.2.1

99 matches found

CVE
CVEadded 2022/04/15 3:15 p.m.952 views

CVE-2022-20693

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input t...

9CVSS5.8AI score0.01999EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.691 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web U...

7.2CVSS8.2AI score0.91736EPSS
In wild
CVE
CVEadded 2023/09/27 6:15 p.m.374 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.1AI score0.01145EPSS
In wild
CVE
CVEadded 2024/09/25 5:15 p.m.143 views

CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a bu...

8.6CVSS7.6AI score0.0044EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.137 views

CVE-2022-20681

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation ...

7.8CVSS7.8AI score0.0011EPSS
CVE
CVEadded 2022/10/10 9:15 p.m.135 views

CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this ...

7.7CVSS7.4AI score0.00235EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.127 views

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large pac...

8.6CVSS8.4AI score0.00685EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.122 views

CVE-2022-20679

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured ...

7.7CVSS7.2AI score0.00823EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.120 views

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could e...

8.6CVSS7.7AI score0.00153EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.114 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00089EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.108 views

CVE-2022-20682

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This v...

8.6CVSS8.4AI score0.01071EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.105 views

CVE-2022-20724

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

7.6CVSS5.9AI score0.00557EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.102 views

CVE-2022-20721

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00518EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.100 views

CVE-2022-20718

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01799EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.99 views

CVE-2022-20723

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01208EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.94 views

CVE-2022-20725

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

5.5CVSS5.9AI score0.00828EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.93 views

CVE-2023-20227

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exp...

8.6CVSS7.5AI score0.00515EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.92 views

CVE-2022-20676

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpret...

7.2CVSS6.4AI score0.0005EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.92 views

CVE-2022-20720

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.00544EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.90 views

CVE-2022-20683

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to i...

8.6CVSS8.5AI score0.00638EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.90 views

CVE-2022-20722

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

6.8CVSS5.9AI score0.00518EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.86 views

CVE-2022-20727

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

7.2CVSS6.3AI score0.00423EPSS
CVE
CVEadded 2020/11/06 7:15 p.m.84 views

CVE-2020-3444

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by cra...

7.5CVSS6.5AI score0.00544EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.84 views

CVE-2022-20719

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being au...

9CVSS6.4AI score0.01518EPSS
CVE
CVEadded 2025/02/05 5:15 p.m.82 views

CVE-2025-20169

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnera...

7.7CVSS7AI score0.00222EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.81 views

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device ...

6.5CVSS6.7AI score0.00414EPSS
CVE
CVEadded 2024/03/27 6:15 p.m.81 views

CVE-2024-20307

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly r...

7.5CVSS7.1AI score0.0123EPSS
CVE
CVEadded 2023/03/23 5:15 p.m.80 views

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of...

7.4CVSS6.7AI score0.00059EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.79 views

CVE-2021-1441

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is du...

7.2CVSS6.5AI score0.0007EPSS
CVE
CVEadded 2023/09/27 6:15 p.m.79 views

CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vul...

8.6CVSS7.6AI score0.00412EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.78 views

CVE-2021-1377

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because A...

5.8CVSS5.7AI score0.00391EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.77 views

CVE-2021-1403

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections i...

7.4CVSS7.2AI score0.00122EPSS
CVE
CVEadded 2024/03/27 5:15 p.m.77 views

CVE-2024-20324

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show ...

5.5CVSS6.8AI score0.00068EPSS
CVE
CVEadded 2021/03/24 9:15 p.m.76 views

CVE-2021-1381

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could ex...

6.1CVSS6.2AI score0.00105EPSS
CVE
CVEadded 2022/04/15 3:15 p.m.73 views

CVE-2022-20692

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vul...

7.7CVSS6.5AI score0.00801EPSS
CVE
CVEadded 2024/03/27 5:15 p.m.73 views

CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. Th...

8.6CVSS7.1AI score0.01168EPSS
CVE
CVEadded 2021/03/24 9:15 p.m.71 views

CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and bo...

7.2CVSS6.7AI score0.00023EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.70 views

CVE-2021-34705

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial s...

5.3CVSS5.4AI score0.00337EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.69 views

CVE-2021-1619

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected d...

9.8CVSS9.8AI score0.01115EPSS
CVE
CVEadded 2021/03/24 9:15 p.m.68 views

CVE-2021-1356

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due...

4.3CVSS5.2AI score0.00123EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.68 views

CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorr...

7.8CVSS7.6AI score0.00033EPSS
CVE
CVEadded 2024/03/27 5:15 p.m.68 views

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attack...

7.4CVSS6.8AI score0.001EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.67 views

CVE-2021-1398

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to...

6.9CVSS6.9AI score0.00061EPSS
CVE
CVEadded 2024/03/27 6:15 p.m.67 views

CVE-2024-20308

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly ...

8.6CVSS7.2AI score0.00992EPSS
CVE
CVEadded 2024/03/27 5:15 p.m.67 views

CVE-2024-20309

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware i...

5.6CVSS6.7AI score0.00045EPSS
CVE
CVEadded 2021/03/24 9:15 p.m.66 views

CVE-2021-1374

A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an a...

4.8CVSS5AI score0.00153EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.66 views

CVE-2021-1390

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnera...

7.2CVSS6.3AI score0.00038EPSS
CVE
CVEadded 2021/03/24 8:15 p.m.65 views

CVE-2021-1443

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are p...

8.5CVSS6.5AI score0.00657EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.65 views

CVE-2021-34770

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a den...

10CVSS8.8AI score0.01056EPSS
CVE
CVEadded 2021/09/23 3:15 a.m.64 views

CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerabi...

7.7CVSS7.4AI score0.00786EPSS
Total number of security vulnerabilities99