Cisco Ios And Ios Xe Software vulnerabilities

9 known vulnerabilities affecting cisco/cisco_ios_and_ios_xe_software.

Total CVEs
9
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2019-1747HIGHCVSS 8.6v16.10.12019-03-28
CVE-2019-1747 [HIGH] CWE-20 CVE-2019-1747: A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of C A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are enc
cvelistv5nvd
CVE-2019-1748HIGHCVSS 7.4v3.7.7Sv3.9.1S+180 more2019-03-28
CVE-2019-1748 [HIGH] CWE-295 CVE-2019-1748: A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS X A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplyi
cvelistv5nvd
CVE-2019-1752HIGHCVSS 7.5v3.8.0Sv3.8.1S+128 more2019-03-28
CVE-2019-1752 [HIGH] CWE-20 CVE-2019-1752: A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specifi
cvelistv5nvd
CVE-2019-1762MEDIUMCVSS 4.4v16.6.1v16.6.2+26 more2019-03-28
CVE-2019-1762 [MEDIUM] CWE-200 CVE-2019-1762: A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authen A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit th
cvelistv5nvd
CVE-2019-1761MEDIUMCVSS 4.3v3.2.0SGv3.2.1SG+270 more2019-03-28
CVE-2019-1761 [MEDIUM] CWE-665 CVE-2019-1761: A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 tra
cvelistv5nvd
CVE-2019-1746MEDIUMCVSS 6.5v3.2.0SGv3.2.1SG+91 more2019-03-28
CVE-2019-1746 [MEDIUM] CWE-20 CVE-2019-1746: A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and C A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker cou
cvelistv5nvd
CVE-2019-1757MEDIUMCVSS 5.9v3.6.4Ev3.6.5E+107 more2019-03-28
CVE-2019-1757 [MEDIUM] CWE-295 CVE-2019-1757: A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by
cvelistv5nvd
CVE-2018-0197MEDIUMCVSS 6.5v15.2(2)E62018-10-05
CVE-2018-0197 [MEDIUM] CWE-20 CVE-2018-0197: A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset
cvelistv5nvd
CVE-2017-3881CRITICALCVSS 9.8KEVPoCvCisco IOS and IOS XE Software2017-03-17
CVE-2017-3881 [CRITICAL] CVE-2017-3881: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet inter
cvelistv5