
Cisco IOS and IOS XE vulnerabilities

121 known vulnerabilities affecting cisco/ios_and_ios_xe.

Total CVEs: 121
CISA KEV: 23 (actively exploited)
Public exploits: 3
Exploited in wild: 22
Severity breakdown: UNKNOWN 121

Vulnerabilities

Page 4 of 7
CVE-2019-1748 UNKNOWN CVSS 3.0
CVE-2019-1748: Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently valid
cisco
CVE-2017-12228 UNKNOWN CVSS 3.0
CVE-2017-12228: Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate
cisco
CVE-2020-3230 UNKNOWN CVSS 3.0
CVE-2020-3230: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling
cisco
CVE-2024-20373 UNKNOWN CVSS 3.1
CVE-2024-20373: Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is conf
cisco
CVE-2018-0466 UNKNOWN CVSS 3.0
CVE-2018-0466: Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sendin
cisco
CVE-2022-20920 UNKNOWN CVSS 3.1
CVE-2022-20920: Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connect
cisco
CVE-2017-3863 UNKNOWN CVSS 3.0
CVE-2017-3863: Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted Ene
cisco
CVE-2016-6380 UNKNOWN
CVE-2016-6380: Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability
A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. The vulnerability is due to a flaw in handling crafted
cisco
CVE-2018-0189 UNKNOWN CVSS 3.0
CVE-2018-0189: Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing
cisco
CVE-2020-3477 UNKNOWN CVSS 3.0
CVE-2020-3477: Cisco IOS and IOS XE Software Information Disclosure Vulnerability
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using
cisco
CVE-2019-1752 UNKNOWN CVSS 3.0
CVE-2019-1752: Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by c
cisco
CVE-2020-3408 UNKNOWN CVSS 3.0
CVE-2020-3408: Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DN
cisco
CVE-2018-0484 UNKNOWN CVSS 3.0
CVE-2018-0484: Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability
A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in th
cisco
CVE-2017-3849 UNKNOWN CVSS 3.0
CVE-2017-3849: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to
cisco
CVE-2018-0172 UNKNOWN CVSS 3.0 KEV
CVE-2018-0172: Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists b
cisco
CVE-2016-6404 UNKNOWN
CVE-2016-6404: Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters pa
cisco
CVE-2020-3204 UNKNOWN CVSS 3.0
CVE-2020-3204: Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input v
cisco
CVE-2017-6615 UNKNOWN CVSS 3.0
CVE-2017-6615: Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could o
cisco
CVE-2017-3850 UNKNOWN CVSS 3.0
CVE-2017-3850: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnera
cisco
CVE-2016-6385 UNKNOWN
CVE-2016-6385: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exp
cisco