Cisco Ios Xe Software 16.1.1 vulnerabilities

CVE-2020-3475 [HIGH] CWE-20 CVE-2020-3475: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an aut Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabiliti

CVE-2020-3474 [HIGH] CWE-20 CVE-2020-3474: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an aut Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabiliti

CVE-2020-3141 [HIGH] CWE-20 CVE-2020-3141: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an aut Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3425 [HIGH] CWE-20 CVE-2020-3425: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an aut Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3203 [HIGH] CWE-400 CVE-2020-3203: A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certa

CVE-2020-3219 [HIGH] CWE-77 CVE-2020-3219: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vuln

CVE-2019-12658 [HIGH] CWE-400 CVE-2019-12658: A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an u A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit thi