Cisco IOS vulnerabilities
581 known vulnerabilities affecting cisco/ios.
Total CVEs: 581
CISA KEV: 36 (actively exploited)
Public exploits: 28
Exploited in wild: 36
Severity breakdown: CRITICAL 32, HIGH 327, MEDIUM 211, LOW 11
Vulnerabilities
Page 2 of 30
CVE-2025-20175 [HIGH] CVSS 7.7 | CWE-805 | v12.2(33)sxi4, v12.2(33)sxi4a, +1786 more | 2025-02-05
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd
CVE-2025-20169 [HIGH] CVSS 7.7 | CWE-805 | v12.2(1), v12.2(1)dx, +5896 more | 2025-02-05
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd
CVE-2024-20433 [HIGH] CVSS 7.5 | CWE-121 | v12.0(24)s, v12.0(24)s1, +4072 more | 2024-09-25
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An
cvelistv5, nvd
CVE-2024-20465 [MEDIUM] CVSS 5.8 | CWE-284 | v15.2(8)e2, v15.2(8)e3, +6 more | 2024-09-25
A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator e
cvelistv5, nvd
CVE-2024-20414 [MEDIUM] CVSS 6.5 | CWE-285 | v15.2(6)e2, v15.2(6)e2a, +58 more | 2024-09-25
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI.
This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could e
cvelistv5, nvd
CVE-2024-20307 [HIGH] CVSS 7.5 | CWE-121 | v15.1(2)sg8, v15.1(2)sy8, +292 more | 2024-03-27
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerabili
cvelistv5, nvd
CVE-2024-20276 [HIGH] CVSS 7.4 | CWE-248 | v15.5(1)sy5, v15.5(1)sy6, +12 more | 2024-03-27
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A
cvelistv5, nvd
CVE-2024-20312 [HIGH] CVSS 7.4 | CWE-476 | v15.0(1)ex, v15.1(1)sy, +850 more | 2024-03-27
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An atta
cvelistv5, nvd
CVE-2024-20311 [HIGH] CVSS 7.5 | CWE-674 | v15.1(1)sy, v15.1(1)sy1, +778 more | 2024-03-27
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to
cvelistv5, nvd
CVE-2024-20308 [HIGH] CVSS 7.5 | CWE-787 | v12.4(22)md, v12.4(22)md1, +1260 more | 2024-03-27
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerabil
cvelistv5, nvd
CVE-2023-20186 [CRITICAL] CVSS 9.1 | CWE-285 | v12.2(58)ex, v12.2(58)ey, +1227 more | 2023-09-27
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP).
This vulnerability is due to incorrect
cvelistv5, nvd
CVE-2023-20109 [MEDIUM] CVSS 6.6 | KEV | CWE-787 | v12.4(22)md, v12.4(22)md1, +1346 more | 2023-09-27
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.
This vulnerability is due to i
cvelistv5, nvd
CVE-2023-20080 [HIGH] CVSS 7.5 | CWE-129 | v12.2(6)i1, v15.1(2)sg, +485 more | 2023-03-23
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 me
nvd
CVE-2023-20081 [MEDIUM] CVSS 5.9 | CWE-122 | v17.8.1 | 2023-03-23
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insu
nvd
CVE-2022-20920 [HIGH] CVSS 7.7 | CWE-755 | v12.2(6)i1, v12.2(58)ex, +1175 more | 2022-10-10
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affecte
nvd
CVE-2022-20726 [HIGH] CVSS 7.5 | CWE-22 | v15.2(5)e1, v15.2(5)e2c, +54 more | 2022-04-15
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) at
nvd
CVE-2022-20697 [HIGH] CVSS 8.6 | CWE-691 | v15.1(3)svr1, v15.1(3)svr2, +24 more | 2022-04-15
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP reques
nvd
CVE-2022-20761 [MEDIUM] CVSS 6.5 | CWE-248 | v15.4(1)cg, v15.4(2)cg, +84 more | 2022-04-15
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit
nvd
CVE-2022-20727 [MEDIUM] CVSS 6.7 | CWE-22 | v15.2(5)e1, v15.2(6)e0a, +67 more | 2022-04-15
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
nvd
CVE-2022-20724 [MEDIUM] CVSS 5.3 | CWE-22 | v15.2(5)e1, v15.2(5)e2c, +68 more | 2022-04-15
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
nvd