Cisco IOS vulnerabilities

43 known vulnerabilities affecting cisco/cisco_ios.

Total CVEs: 43
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 24, MEDIUM 18

Vulnerabilities

CVE-2023-20080 | HIGH | CVSS 7.5 | vn/a | 2023-03-23
[HIGH] CWE-129: A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 me
Sources: cvelistv5, nvd
CVE-2023-20081 | MEDIUM | CVSS 5.9 | vn/a | 2023-03-23
[MEDIUM] CWE-122: A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insu
Sources: cvelistv5, nvd
CVE-2023-20076 | HIGH | CVSS 8.8 | vn/a | 2023-02-12
[HIGH] CWE-233: A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerabilit
Sources: cvelistv5, nvd
CVE-2022-20920 | HIGH | CVSS 7.7 | vn/a | 2022-10-10
[HIGH] CWE-755: A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affecte
Sources: cvelistv5, nvd
CVE-2022-20919 | HIGH | CVSS 7.5 | vn/a | 2022-09-30
[HIGH] CWE-248: A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input valid
Sources: cvelistv5, nvd
CVE-2022-20726 | HIGH | CVSS 7.5 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20697 | HIGH | CVSS 8.6 | vn/a | 2022-04-15
[HIGH] CWE-691: A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP reques
Sources: cvelistv5, nvd
CVE-2022-20718 | HIGH | CVSS 7.2 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20719 | HIGH | CVSS 7.2 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20720 | HIGH | CVSS 7.2 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20723 | HIGH | CVSS 7.2 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20722 | MEDIUM | CVSS 4.9 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20725 | MEDIUM | CVSS 4.8 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20761 | MEDIUM | CVSS 6.5 | vn/a | 2022-04-15
[HIGH] CWE-248: A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit t
Sources: cvelistv5, nvd
CVE-2022-20727 | MEDIUM | CVSS 6.7 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20677 | MEDIUM | CVSS 6.7 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20724 | MEDIUM | CVSS 5.3 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2022-20721 | MEDIUM | CVSS 4.9 | vn/a | 2022-04-15
[MEDIUM] CWE-22: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Sources: cvelistv5, nvd
CVE-2021-34714 | HIGH | CVSS 7.4 | vn/a | 2021-09-23
[HIGH] CWE-20: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An att
Sources: cvelistv5, nvd
CVE-2021-34699 | HIGH | CVSS 7.7 | vn/a | 2021-09-23
[HIGH] CWE-435: A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run
Sources: cvelistv5, nvd
Cisco IOS vulnerabilities | cvebase