Cisco IOS XE Software vulnerabilities

238 known vulnerabilities affecting cisco/cisco_ios_xe_software.

Total CVEs: 238
CISA KEV: 6 (actively exploited)
Public exploits: 4
Exploited in wild: 6
Severity breakdown: CRITICAL 10, HIGH 136, MEDIUM 92

Vulnerabilities

Page 6 of 12
CVE-2022-20837 | HIGH | CVSS 8.6 | vn/a | 2022-10-10
CVE-2022-20837 [HIGH] CWE-754: A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An at
cvelistv5, nvd
CVE-2022-20870 | HIGH | CVSS 8.6 | vn/a | 2022-10-10
CVE-2022-20870 [HIGH] CWE-130: A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient
cvelistv5, nvd
CVE-2022-20915 | HIGH | CVSS 7.4 | vn/a | 2022-10-10
CVE-2022-20915 [HIGH] CWE-115: A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-
cvelistv5, nvd
CVE-2022-20864 | MEDIUM | CVSS 4.6 | vn/a | 2022-10-10
CVE-2022-20864 [MEDIUM] CWE-538: A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could ex
cvelistv5, nvd
CVE-2022-20944 | MEDIUM | CVSS 6.8 | vn/a | 2022-10-10
CVE-2022-20944 [MEDIUM] CWE-347: A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of
cvelistv5, nvd
CVE-2022-20848 | HIGH | CVSS 7.5 | vn/a | 2022-09-30
CVE-2022-20848 [HIGH] CWE-399: A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerab
cvelistv5, nvd
CVE-2022-20847 | HIGH | CVSS 7.5 | vn/a | 2022-09-30
CVE-2022-20847 [HIGH] CWE-399: A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malic
cvelistv5, nvd
CVE-2022-20851 | HIGH | CVSS 7.2 | vn/a | 2022-09-30
CVE-2022-20851 [HIGH] CWE-77: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the a
cvelistv5, nvd
CVE-2022-20856 | HIGH | CVSS 7.5 | vn/a | 2022-09-30
CVE-2022-20856 [HIGH] CWE-664: A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and i
cvelistv5, nvd
CVE-2022-20810 | MEDIUM | CVSS 6.5 | vn/a | 2022-09-30
CVE-2022-20810 [MEDIUM] CWE-202: A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could
cvelistv5, nvd
CVE-2022-20855 | MEDIUM | CVSS 6.7 | vn/a | 2022-09-30
CVE-2022-20855 [MEDIUM] CWE-266: A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper chec
cvelistv5, nvd
CVE-2022-20678 | HIGH | CVSS 7.5 | vn/a | 2022-04-15
CVE-2022-20678 [HIGH] CWE-413: A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of craft
cvelistv5, nvd
CVE-2022-20693 | HIGH | CVSS 7.2 | vn/a | 2022-04-15
CVE-2022-20693 [HIGH] CWE-74: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the a
cvelistv5, nvd
CVE-2022-20683 | HIGH | CVSS 8.6 | vn/a | 2022-04-15
CVE-2022-20683 [HIGH] CWE-124: A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected
cvelistv5, nvd
CVE-2022-20682 | HIGH | CVSS 8.6 | vn/a | 2022-04-15
CVE-2022-20682 [HIGH] CWE-690: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of
cvelistv5, nvd
CVE-2022-20681 | HIGH | CVSS 7.8 | vn/a | 2022-04-15
CVE-2022-20681 [HIGH] CWE-266: A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI
cvelistv5, nvd
CVE-2022-20679 | HIGH | CVSS 7.7 | vn/a | 2022-04-15
CVE-2022-20679 [HIGH] CWE-20: A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could expl
cvelistv5, nvd
CVE-2022-20694 | MEDIUM | CVSS 6.8 | vn/a | 2022-04-15
CVE-2022-20694 [MEDIUM] CWE-617: A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI t
cvelistv5, nvd
CVE-2022-20692 | MEDIUM | CVSS 6.5 | vn/a | 2022-04-15
CVE-2022-20692 [MEDIUM] CWE-400: A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF o
cvelistv5, nvd
CVE-2022-20684 | MEDIUM | CVSS 6.5 | vn/a | 2022-04-15
CVE-2022-20684 [MEDIUM] CWE-190: A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerab
cvelistv5, nvd