Ios@15.2(5)ex Security Vulnerabilities and Issues — Ios@15.2(5)ex CVE List

Lucene search

CiscoIos15.2(5)ex

28 matches found

CVE•added 2017/07/17 9:29 p.m.•998 views

CVE-2017-6744

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnera...

9CVSS9.1AI score0.16612EPSS

CVE•added 2023/09/27 6:15 p.m.•363 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.1AI score0.01331EPSS

CVE•added 2020/06/03 6:15 p.m.•201 views

CVE-2020-3204

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is d...

7.2CVSS6.9AI score0.00059EPSS

CVE•added 2022/10/10 9:15 p.m.•134 views

CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this ...

7.7CVSS7.4AI score0.00235EPSS

CVE•added 2023/03/23 5:15 p.m.•118 views

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could e...

8.6CVSS7.7AI score0.00153EPSS

CVE•added 2019/03/28 1:29 a.m.•112 views

CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker co...

4.3CVSS4.3AI score0.00099EPSS

CVE•added 2023/09/27 6:15 p.m.•112 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Prot...

9.1CVSS9.2AI score0.00089EPSS

CVE•added 2018/10/05 2:29 p.m.•110 views

CVE-2018-0197

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a log...

6.5CVSS6.5AI score0.00186EPSS

CVE•added 2020/06/03 6:15 p.m.•97 views

CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which le...

7.7CVSS7.5AI score0.0126EPSS

CVE•added 2019/03/28 12:29 a.m.•95 views

CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation ...

7.4CVSS6.9AI score0.00145EPSS

CVE•added 2019/03/28 12:29 a.m.•89 views

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates....

7.4CVSS7.4AI score0.00395EPSS

CVE•added 2025/02/05 5:15 p.m.•81 views

CVE-2025-20169

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnera...

7.7CVSS7AI score0.00185EPSS

CVE•added 2019/09/25 9:15 p.m.•80 views

CVE-2019-12668

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to i...

4.8CVSS5AI score0.0017EPSS

CVE•added 2021/03/24 8:15 p.m.•77 views

CVE-2021-1377

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because A...

5.8CVSS5.7AI score0.00391EPSS

CVE•added 2019/03/28 1:29 a.m.•74 views

CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected soft...

5.9CVSS5.9AI score0.00317EPSS

CVE•added 2020/06/03 6:15 p.m.•66 views

CVE-2020-3231

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is receive...

4.7CVSS4.6AI score0.0007EPSS

CVE•added 2020/06/03 6:15 p.m.•65 views

CVE-2020-3217

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition ...

8.8CVSS9AI score0.00324EPSS

CVE•added 2021/09/23 3:15 a.m.•63 views

CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerabi...

7.7CVSS7.4AI score0.00786EPSS

CVE•added 2025/02/05 5:15 p.m.•61 views

CVE-2025-20176

7.7CVSS7.2AI score0.00076EPSS

CVE•added 2021/03/24 8:15 p.m.•60 views

CVE-2021-1391

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker co...

7.2CVSS5.8AI score0.00039EPSS

CVE•added 2024/03/27 5:15 p.m.•59 views

CVE-2024-20311

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit ...

8.6CVSS7.1AI score0.01168EPSS

CVE•added 2017/09/29 1:34 a.m.•53 views

CVE-2017-12228

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient cer...

5.9CVSS5.7AI score0.00286EPSS

CVE•added 2025/02/05 5:15 p.m.•53 views

CVE-2025-20170

7.7CVSS7AI score0.00185EPSS

CVE•added 2021/09/23 3:15 a.m.•52 views

CVE-2021-1620

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the cod...

7.7CVSS7.4AI score0.00397EPSS

CVE•added 2025/02/05 5:15 p.m.•41 views

CVE-2025-20171

7.7CVSS7AI score0.00076EPSS

CVE•added 2025/02/05 5:15 p.m.•40 views

CVE-2025-20172

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker co...

7.7CVSS7.1AI score0.00076EPSS

CVE•added 2025/02/05 5:15 p.m.•38 views

CVE-2025-20173

7.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/05 5:15 p.m.•37 views

CVE-2025-20175

7.7CVSS7.2AI score0.00185EPSS