Ios Xe@17.6.2 Security Vulnerabilities and Issues — Ios Xe@17.6.2 CVE List

Lucene search

CiscoIos Xe17.6.2

8 matches found

CVE•added 2023/10/25 6:17 p.m.•621 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web U...

7.2CVSS8.2AI score0.92207EPSS

CVE•added 2023/09/27 6:15 p.m.•346 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.1AI score0.00879EPSS

CVE•added 2023/03/23 5:15 p.m.•126 views

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large pac...

8.6CVSS8.4AI score0.00625EPSS

CVE•added 2023/09/27 6:15 p.m.•112 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00111EPSS

CVE•added 2023/09/27 6:15 p.m.•90 views

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the we...

8.8CVSS9AI score0.00636EPSS

CVE•added 2023/03/23 5:15 p.m.•79 views

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of...

7.4CVSS6.7AI score0.00045EPSS

CVE•added 2023/09/27 6:15 p.m.•78 views

CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vul...

8.6CVSS7.6AI score0.00376EPSS

CVE•added 2023/03/23 5:15 p.m.•72 views

CVE-2023-20066

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could...

6.5CVSS6.5AI score0.00482EPSS