Cisco IOS XE vulnerabilities
505 known vulnerabilities affecting cisco/ios_xe.

Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28

Severity breakdown: CRITICAL 20, HIGH 323, MEDIUM 161, LOW 1
Vulnerabilities
Page 10 of 26
CVE-2020-3141 | HIGH | CVSS 8.8 | CWE-20 | Affected versions: 16.9.4, 17.2.1 (+2 more) | Published: 2020-09-24
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD
CVE-2020-3407 | HIGH | CVSS 8.6 | CWE-476 | Affected versions: 15.8(3)M3 | Published: 2020-09-24
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by access
Source: NVD
CVE-2020-3390 | HIGH | CVSS 7.4 | CWE-20 | Affected versions: 16.12.1 | Published: 2020-09-24
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerabi
Source: NVD
CVE-2020-3408 | HIGH | CVSS 8.6 | CWE-185 | Affected versions: 15.8(3)M3 | Published: 2020-09-24
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releas
Source: NVD
CVE-2020-3512 | HIGH | CVSS 7.4 | CWE-388 | Affected versions: 15.2(7)E | Published: 2020-09-24
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the P
Source: NVD
CVE-2020-3425 | HIGH | CVSS 8.8 | CWE-20 | Affected versions: 16.1.1, 16.1.2 (+105 more) | Published: 2020-09-24
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD
CVE-2020-3414 | HIGH | CVSS 8.6 | CWE-19 | Affected versions: 16.9.2, 16.10.4 (+3 more) | Published: 2020-09-24
A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An
Source: NVD
CVE-2020-3399 | HIGH | CVSS 8.6 | CWE-126 | Affected versions: 16.12, 16.12.1s (+1 more) | Published: 2020-09-24
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation d
Source: NVD
CVE-2020-3359 | HIGH | CVSS 8.6 | CWE-20 | Affected versions: 16.12.1 | Published: 2020-09-24
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mD
Source: NVD
CVE-2020-3403 | HIGH | CVSS 7.8 | CWE-78 | Affected versions: 17.2.1 | Published: 2020-09-24
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of
Source: NVD
CVE-2020-3400 | HIGH | CVSS 8.8 | CWE-862 | Affected versions: 16.2.2, 16.3.1 (+13 more) | Published: 2020-09-24
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A succ
Source: NVD
CVE-2020-3488 | HIGH | CVSS 7.4 | CWE-20 | Affected versions: 16.12.1 | Published: 2020-09-24
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient val
Source: NVD
CVE-2020-3527 | HIGH | CVSS 8.6 | CWE-20 | Affected versions: ≥ 16.9.0, < 16.9.5; ≥ 16.12.0, < 16.12.3 | Published: 2020-09-24
A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of
Source: NVD
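Turning the affected-version ranges in this listing into a check against a device's running release. This is an added example, not code from the vulnerability database or from Cisco; it uses the two ranges exactly as printed for CVE-2020-3527 above (lower bound inclusive, upper bound exclusive). The release-string grammar it accepts (`16.12.1s`, `17.2.1`, `16.09.04` as `show version` zero-pads it, and classic `15.8(3)M3`) is the example's own assumption, and the `show version` sample is constructed rather than captured from a device.

```python
import re
from typing import List, Optional, Tuple

# Affected ranges copied from this listing's CVE-2020-3527 entry:
# lower bound inclusive, upper bound exclusive.
CVE_2020_3527_RANGES: List[Tuple[str, str]] = [
    ("16.9.0", "16.9.5"),
    ("16.12.0", "16.12.3"),
]

# Accepts "16.12.1s", "17.2.1", "16.12", "16.09.04" and classic "15.8(3)M3".
# This grammar is an assumption of the example, not a Cisco specification.
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<rebuild>\d+)|\((?P<maint>\d+)\))?"
    r"(?P<suffix>[A-Za-z]*)(?P<tail>\d*)$"
)

VersionKey = Tuple[int, int, int, str, int]


def parse_version(text: str) -> VersionKey:
    """Turn a release string into a comparable tuple.

    Numeric fields compare numerically, so "16.09.04" equals "16.9.4";
    the letter suffix ("s", "a", "M") and any trailing number are compared
    only after the numeric fields.  A missing rebuild number counts as 0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised IOS XE release string: {text!r}")
    rebuild = m.group("rebuild") or m.group("maint") or "0"
    tail = m.group("tail") or "0"
    return (
        int(m.group("major")),
        int(m.group("minor")),
        int(rebuild),
        m.group("suffix").lower(),
        int(tail),
    )


def in_affected_range(version: str, ranges=CVE_2020_3527_RANGES) -> bool:
    """True if lower <= version < upper holds for any listed range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def version_from_show_version(output: str) -> Optional[str]:
    """Pull the release string out of the first line of 'show version'."""
    m = re.search(r"Cisco IOS XE Software, Version (\S+)", output)
    return m.group(1).rstrip(",") if m else None


# Constructed sample of the opening lines of 'show version' on a Catalyst 9200;
# not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Cisco IOS XE Software, Version 16.09.04
Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.9.4, RELEASE SOFTWARE (fc2)
"""

if __name__ == "__main__":
    running = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(running, "inside CVE-2020-3527 ranges:", in_affected_range(running))
    for v in ("16.9.4", "16.9.5", "16.12.1s", "16.12.3", "17.2.1", "15.8(3)M3"):
        state = "AFFECTED" if in_affected_range(v) else "not in listed ranges"
        print(f"{v:>10}: {state}")
```

A hit only means the release sits inside a window this listing shows; platform scope (this entry is Catalyst 9200 only) and the actual fixed releases come from Cisco's advisory, not from the range arithmetic. Entries on this page that list discrete versions with "+N more" rather than ranges cannot be checked this way without the full version list.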
CVE-2020-3393 | HIGH | CVSS 7.8 | CWE-269 | Affected versions: 16.12.1 | Published: 2020-09-24
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be
Source: NVD
CVE-2020-3422 | HIGH | CVSS 7.5 | CWE-371 | Affected versions: 16.9.3 | Published: 2020-09-24
A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by anot
Source: NVD
CVE-2020-3404 | HIGH | CVSS 7.8 | CWE-863 | Affected versions: 16.11.1 | Published: 2020-09-24
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell
Source: NVD
CVE-2020-3508 | HIGH | CVSS 7.4 | CWE-400 | Affected versions: 16.3.1, 16.6.5 (+4 more) | Published: 2020-09-24
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerabili
Source: NVD
CVE-2020-3396 | HIGH | CVSS 7.2 | CWE-284 | Affected versions: 16.12.1 | Published: 2020-09-24
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored o
Source: NVD
CVE-2020-3510 | HIGH | CVSS 8.6 | CWE-388 | Affected versions: 16.12.1, 16.12.2 (+1 more) | Published: 2020-09-24
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could ex
Source: NVD
CVE-2020-3418 | MEDIUM | CVSS 4.7 | CWE-284 | Affected versions: 17.1.1 | Published: 2020-09-24
A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this
Source: NVD