Cisco Ios And Ios Xe vulnerabilities

CVE-2016-6403 Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability CVE-2016-6403: Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability A vulnerability in the Data in Motion (DMo) application in Cisco IOS and IOS XE software with the IOx feature set could allow an unauthenticated, remote attacker to to cause a denial of service (DoS) condition in the DMo process. The vulnerability is due to insufficient input validation by the affected software. An

CVE-2020-3225 Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities CVE-2020-3225: Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulne

CVE-2017-3881 Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability CVE-2017-3881: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Pro

CVE-2019-12665 Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability CVE-2019-12665: Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to e

CVE-2019-1739 Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities CVE-2019-1739: Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities Multiple vulnerabilities in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. These vulnerabilities are due to a parsing issu

CVE-2021-1391 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability CVE-2021-1391: Cisco IOS and IOS XE Software Privilege Escalation Vulnerability A vulnerability in the dragonite debugger of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vu

CVE-2017-12240 Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability CVE-2017-12240: Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The

CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability CVE-2021-1392: Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists b

CVE-2017-3864 Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability CVE-2017-3864: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP p

CVE-2025-20160 Cisco IOS and IOS XE Software TACACS+ Authentication Bypass Vulnerability CVE-2025-20160: Cisco IOS and IOS XE Software TACACS+ Authentication Bypass Vulnerability A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is

CVE-2018-0467 Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability CVE-2018-0467: Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a m

CVE-2016-6474 Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability CVE-2016-6474: Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to improper validation of X.509 signatures during the SSH authenticatio

CVE-2017-6737 SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software CVE-2017-6737: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending

CVE-2018-0171 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability CVE-2018-0171: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Update August 20, 2025: Cisco is aware of continued exploitation activity of the vulnerability that is described in this advisory and strongly recommends that customers assess their systems and upgrade to a fixed software release as soon as possible. A vulnerability in the Smart Install feature of Cisco IOS So

CVE-2021-1620 Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability CVE-2021-1620: Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because

CVE-2019-1746 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability CVE-2019-1746: Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input val

CVE-2018-15373 Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability CVE-2018-15373: Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due t

CVE-2020-3201 Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability CVE-2020-3201: Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, unprivileged, and local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter.

CVE-2018-0197 Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability CVE-2018-0197: Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic

CVE-2017-6738 SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software CVE-2017-6738: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending