Cisco IOS XE Software vulnerabilities

238 known vulnerabilities affecting cisco/cisco_ios_xe_software.

Total CVEs: 238
CISA KEV: 6 (actively exploited)
Public exploits: 4
Exploited in wild: 6
Severity breakdown: CRITICAL 10, HIGH 136, MEDIUM 92

Vulnerabilities

Page 9 of 12
CVE-2021-1441 | MEDIUM | CVSS 6.7 | v n/a | 2021-03-24
CWE-78. A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a di
Sources: cvelistv5, nvd

CVE-2021-1281 | MEDIUM | CVSS 6.7 | v n/a | 2021-03-24
CWE-399. A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative u
Sources: cvelistv5, nvd

CVE-2021-1374 | MEDIUM | CVSS 4.8 | v n/a | 2021-03-24
CWE-79. A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficien
Sources: cvelistv5, nvd

CVE-2021-1381 | MEDIUM | CVSS 6.1 | v n/a | 2021-03-24
CWE-489. A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the ha
Sources: cvelistv5, nvd

CVE-2021-1434 | MEDIUM | CVSS 6.0 | v n/a | 2021-03-24
CWE-552. A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific paramete
Sources: cvelistv5, nvd

CVE-2021-1394 | MEDIUM | CVSS 5.3 | v n/a | 2021-03-24
CWE-399. A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic
Sources: cvelistv5, nvd

CVE-2021-1454 | MEDIUM | CVSS 6.7 | v n/a | 2021-03-24
CWE-20. Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submi
Sources: cvelistv5, nvd

CVE-2021-1382 | MEDIUM | CVSS 6.7 | v n/a | 2021-03-24
CWE-77. A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to
Sources: cvelistv5, nvd

CVE-2020-3497 | HIGH | CVSS 7.4 | v n/a | 2020-09-24
CWE-20. Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient val
Sources: cvelistv5, nvd

CVE-2020-3407 | HIGH | CVSS 8.6 | v n/a | 2020-09-24
CWE-476. A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by access
Sources: cvelistv5, nvd

CVE-2020-3403 | HIGH | CVSS 7.8 | v n/a | 2020-09-24
CWE-78. A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of
Sources: cvelistv5, nvd

CVE-2020-3396 | HIGH | CVSS 7.2 | v n/a | 2020-09-24
CWE-284. A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored o
Sources: cvelistv5, nvd

CVE-2020-3494 | HIGH | CVSS 7.4 | v n/a | 2020-09-24
CWE-20. Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient val
Sources: cvelistv5, nvd

CVE-2020-3493 | HIGH | CVSS 7.4 | v n/a | 2020-09-24
CWE-20. Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient val
Sources: cvelistv5, nvd

CVE-2020-3526 | HIGH | CVSS 8.6 | v n/a | 2020-09-24
CWE-20. A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A
Sources: cvelistv5, nvd

CVE-2020-3488 | HIGH | CVSS 7.4 | v n/a | 2020-09-24
CWE-20. Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient val
Sources: cvelistv5, nvd

CVE-2020-3421 | HIGH | CVSS 7.5 | v n/a | 2020-09-24
CWE-754. Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sen
Sources: cvelistv5, nvd

CVE-2020-3509 | HIGH | CVSS 8.6 | v n/a | 2020-09-24
CWE-388. A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are par
Sources: cvelistv5, nvd

CVE-2020-3390 | HIGH | CVSS 7.4 | v n/a | 2020-09-24
CWE-20. A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerabi
Sources: cvelistv5, nvd

CVE-2020-3480 | HIGH | CVSS 8.6 | v n/a | 2020-09-24
CWE-754. Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sen
Sources: cvelistv5, nvd