Cisco IOS XE vulnerabilities
505 known vulnerabilities affecting cisco/ios_xe.
Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28
Severity breakdown: CRITICAL 20 / HIGH 323 / MEDIUM 161 / LOW 1
Vulnerabilities (page 12 of 26)
CVE-2020-3229 | HIGH | CVSS 8.8 | CWE-264 | affected: v16.2.2, v16.3.1, +81 more | published 2020-06-03
A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by …
Source: NVD
CVE-2020-3217 | HIGH | CVSS 8.8 | CWE-20 | affected: v3.7.0e, v3.7.1e, +162 more | published 2020-06-03
A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insuff…
Source: NVD
CVE-2020-3218 | HIGH | CVSS 7.2 | CWE-20 | affected: v16.6.1, v16.6.2, +56 more | published 2020-06-03
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious …
Source: NVD
CVE-2020-3212 | HIGH | CVSS 7.2 | CWE-77 | affected: v16.11.1, v16.11.1a, +4 more | published 2020-06-03
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of …
Source: NVD
CVE-2020-3224 | HIGH | CVSS 8.8 | CWE-77 | affected: v16.11.1, v16.11.1a, +4 more | published 2020-06-03
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific …
Source: NVD
CVE-2020-3215 | MEDIUM | CVSS 6.7 | CWE-264 | affected: v3.7.0e, v3.7.1e, +222 more | published 2020-06-03
A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on a …
Source: NVD
CVE-2020-3222 | MEDIUM | CVSS 4.3 | CWE-17 | affected: v16.10.1, v16.10.1a, +20 more | published 2020-06-03
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to t…
Source: NVD
CVE-2020-3204 | MEDIUM | CVSS 6.7 | CWE-20 | affected: v3.2.0se, v3.2.0sg, +323 more | published 2020-06-03
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to t…
Source: NVD
CVE-2020-3209 | MEDIUM | CVSS 6.8 | CWE-347 | affected: v3.2.0se, v3.2.0sg, +312 more | published 2020-06-03
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system …
Source: NVD
CVE-2020-3207 | MEDIUM | CVSS 6.7 | CWE-77 | affected: v16.9.2, v16.9.2a, +17 more | published 2020-06-03
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options …
Source: NVD
CVE-2020-3213 | MEDIUM | CVSS 6.7 | CWE-264 | affected: v3.8.0s, v3.8.1s, +190 more | published 2020-06-03
A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by send…
Source: NVD
CVE-2020-3220 | MEDIUM | CVSS 6.8 | CWE-345 | affected: v16.4.1, v16.4.2, +66 more | published 2020-06-03
A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity …
Source: NVD
CVE-2020-3214 | MEDIUM | CVSS 6.7 | CWE-264 | affected: v16.11.1, v16.11.1a, +11 more | published 2020-06-03
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.
Source: NVD
CVE-2020-3206 | MEDIUM | CVSS 4.7 | CWE-20 | affected: v16.10.1, v16.10.1e, +1 more | published 2020-06-03
A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properl…
Source: NVD
CVE-2020-3201 | MEDIUM | CVSS 6.0 | CWE-20 | affected: v3.2.0sg, v3.2.1sg, +245 more | published 2020-06-03
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter.
Source: NVD
CVE-2020-3223 | MEDIUM | CVSS 4.9 | CWE-59 | affected: v16.9.4, v16.9.4c, +13 more | published 2020-06-03
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specif…
Source: NVD
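Six entries on this page (CVE-2020-3229, -3218, -3212, -3224, -3222 and -3223) share one attack surface: the IOS XE web UI, which only exists when `ip http server` or `ip http secure-server` is configured. The script below is an added triage example, not code from this listing, NVD or Cisco. It parses IOS XE release strings into comparable tuples, matches a device's `show version` output against the affected versions exactly as the listing prints them (the "+N more" versions are not on the page, so a non-match only means "not in the listed subset"), reads the HTTP listener state from `show running-config`, and shows the hardened counterpart of the weak config. The `show version` and `show running-config` text is constructed for illustration.

```python
"""Added triage helper for the web UI entries on this page (CVE-2020-3229, -3218, -3212,
-3224, -3222, -3223).  Example code, not the listing's, NVD's or Cisco's.
The 'show version' / 'show running-config' samples are constructed; the affected-version
tuples copy only what the listing prints, so the '+N more' versions are missing and a
non-match means 'not in the listed subset', never 'not affected'."""
import re
from dataclasses import dataclass

# IOS XE release strings as the listing prints them: '16.11.1a', '3.7.0e', '16.9.4c'.
# Older '15.6(1)S4.2' style strings are not handled and parse to None.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_iosxe_version(text):
    """'v16.11.1a' -> (16, 11, 1, 'a').  int() also absorbs the zero padding that
    'show version' prints in its first line ('16.11.01a')."""
    m = VERSION_RE.match(text.strip().lstrip("v"))
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    affected: tuple      # versions exactly as the listing prints them (subset only)
    needs_webui: bool    # True when the attack surface is the HTTP(S) server


LISTED = (
    Entry("CVE-2020-3229", "HIGH", 8.8, ("v16.2.2", "v16.3.1"), True),
    Entry("CVE-2020-3218", "HIGH", 7.2, ("v16.6.1", "v16.6.2"), True),
    Entry("CVE-2020-3212", "HIGH", 7.2, ("v16.11.1", "v16.11.1a"), True),
    Entry("CVE-2020-3224", "HIGH", 8.8, ("v16.11.1", "v16.11.1a"), True),
    Entry("CVE-2020-3222", "MEDIUM", 4.3, ("v16.10.1", "v16.10.1a"), True),
    Entry("CVE-2020-3223", "MEDIUM", 4.9, ("v16.9.4", "v16.9.4c"), True),
    Entry("CVE-2020-3220", "MEDIUM", 6.8, ("v16.4.1", "v16.4.2"), False),  # IPsec, not web UI
)


def http_listeners(running_config):
    """Which HTTP listeners the config enables.  Only unindented (global) lines count and
    later lines override earlier ones.  If neither form appears, the platform default
    applies: confirm on the box with 'show ip http server status'."""
    state = {"http": False, "https": False}
    for line in running_config.splitlines():
        if line[:1].isspace():        # sub-mode line, e.g. under 'interface'
            continue
        s = line.strip()
        if s == "ip http server":
            state["http"] = True
        elif s == "no ip http server":
            state["http"] = False
        elif s == "ip http secure-server":
            state["https"] = True
        elif s == "no ip http secure-server":
            state["https"] = False
    return state


def triage(show_version, running_config, entries=LISTED):
    """Return the running version, listener state and the listed CVEs whose affected
    versions match, worst CVSS first, each tagged with whether its surface is reachable."""
    m = re.search(r"Cisco IOS XE Software, Version (\S+)", show_version)
    if not m:
        raise ValueError("no 'Cisco IOS XE Software, Version ...' line found")
    running = parse_iosxe_version(m.group(1))
    listeners = http_listeners(running_config)
    exposed = listeners["http"] or listeners["https"]
    hits = []
    for e in entries:
        if any(parse_iosxe_version(v) == running for v in e.affected):
            status = "reachable" if (exposed or not e.needs_webui) else "web UI disabled"
            hits.append((e.cve, e.severity, e.cvss, status))
    hits.sort(key=lambda h: -h[2])
    return {"version": m.group(1), "listeners": listeners, "matches": hits}


# Constructed samples (not taken from a real device).
SAMPLE_SHOW_VERSION = """\
Cisco IOS XE Software, Version 16.11.1a
Cisco IOS Software [Gibraltar], Virtual XE Software, Version 16.11.1a, RELEASE SOFTWARE
"""

SAMPLE_RUNNING_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
ip http authentication local
!
interface GigabitEthernet1
 ip address 192.0.2.1 255.255.255.0
!
"""

# Hardened counterpart: drop the web UI when it is not needed.  If it must stay on, the
# generic hardening (not from the listing) is to bind it to management hosts only with
# 'ip http access-class' and keep it off any untrusted interface.
HARDENED_RUNNING_CONFIG = """\
hostname edge-rtr-01
!
no ip http server
no ip http secure-server
!
"""

if __name__ == "__main__":
    for cfg in (SAMPLE_RUNNING_CONFIG, HARDENED_RUNNING_CONFIG):
        r = triage(SAMPLE_SHOW_VERSION, cfg)
        print(r["version"], r["listeners"])
        for cve, sev, score, status in r["matches"]:
            print(f"  {cve} {sev} {score}: {status}")
```

Exact version equality is deliberate: the listing only names a handful of affected releases per CVE, so a range comparison would have to assume fix boundaries the page does not state. Feed the real `show version` and `show running-config` text in place of the constructed samples, and extend the `affected` tuples from the full advisory before treating a non-match as "not affected".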
CVE-2019-16011 | HIGH | CVSS 7.8 | CWE-77 | affected: v16.10.2, v16.11, +4 more | published 2020-04-29
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utili…
Source: NVD
CVE-2019-1950 | HIGH | CVSS 8.4 | CWE-255 | affected: ≤ 16.11 | published 2020-02-19
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges.
Source: NVD
CVE-2019-12654 | HIGH | CVSS 7.5 | CWE-476 | affected: v15.6(1)s4.2, v16.3.8, +1 more | published 2019-09-25
A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exp…
Source: NVD
CVE-2019-12657 | HIGH | CVSS 7.5 | CWE-20 | affected: v16.3.6 | published 2019-09-25
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is c…
Source: NVD