Ios Security Vulnerabilities and Issues — Ios CVE List

Lucene search

CiscoIos

8 matches found

CVE•added 2020/09/23 1:15 a.m.•156 views

CVE-2019-16009

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attack...

8.8CVSS9.1AI score0.01153EPSS

CVE•added 2020/09/24 6:15 p.m.•134 views

CVE-2020-3408

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine th...

8.6CVSS8.4AI score0.01156EPSS

CVE•added 2020/09/24 6:15 p.m.•88 views

CVE-2020-3477

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker cou...

5.5CVSS5.5AI score0.0005EPSS

CVE•added 2020/09/24 6:15 p.m.•62 views

CVE-2020-3409

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient process...

7.4CVSS7.3AI score0.00101EPSS

CVE•added 2020/09/24 6:15 p.m.•60 views

CVE-2020-3479

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vu...

7.8CVSS6.8AI score0.0039EPSS

CVE•added 2020/09/24 6:15 p.m.•58 views

CVE-2020-3475

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) ...

8.1CVSS6.6AI score0.00222EPSS

CVE•added 2020/09/24 6:15 p.m.•48 views

CVE-2020-3426

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unaut...

9.1CVSS8.6AI score0.00525EPSS

CVE•added 2020/09/24 6:15 p.m.•41 views

CVE-2020-3476

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An ...

6CVSS5.1AI score0.00064EPSS