Cisco IOS XE vulnerabilities

505 known vulnerabilities affecting cisco/ios_xe.

Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28
Severity breakdown: CRITICAL 20, HIGH 323, MEDIUM 161, LOW 1

Vulnerabilities

Page 2 of 26
CVE-2025-20194 | MEDIUM | CVSS 5.4 | v17.3.1, v17.3.1a, +96 more | 2025-05-07
CVE-2025-20194 [MEDIUM] CWE-78: A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based mana
nvd
CVE-2025-20195 | MEDIUM | CVSS 4.3 | v16.1.1, v16.1.2, +208 more | 2025-05-07
CVE-2025-20195 [MEDIUM] CWE-352: A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could expl
nvd
CVE-2025-20190 | MEDIUM | CVSS 6.5 | v17.6.8, v17.9.6, +5 more | 2025-05-07
CVE-2025-20190 [MEDIUM] CWE-284: A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulne
nvd
CVE-2025-20171 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.0sg, +450 more | 2025-02-05
CVE-2025-20171 [HIGH] CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20174 | HIGH | CVSS 7.7 | v3.11.0s, v3.11.1s, +257 more | 2025-02-05
CVE-2025-20174 [HIGH] CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20170 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.0sg, +444 more | 2025-02-05
CVE-2025-20170 [HIGH] CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20176 | HIGH | CVSS 7.7 | v3.3.0se, v3.3.1se, +378 more | 2025-02-05
CVE-2025-20176 [HIGH] CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20173 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.0sg, +448 more | 2025-02-05
CVE-2025-20173 [HIGH] CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20175 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.0sg, +452 more | 2025-02-05
CVE-2025-20175 [HIGH] CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2025-20172 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.1se, +424 more | 2025-02-05
CVE-2025-20172 [HIGH] CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted S
nvd
CVE-2025-20169 | HIGH | CVSS 7.7 | v3.2.0se, v3.2.0sg, +444 more | 2025-02-05
CVE-2025-20169 [HIGH] CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
nvd
CVE-2024-20510 | CRITICAL | CVSS 9.3 | v16.3.1, v16.3.1a, +195 more | 2024-09-25
CVE-2024-20510 [CRITICAL] CWE-863: A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when act
nvd
CVE-2024-20436 | HIGH | CVSS 7.5 | v3.9.0as, v3.9.1s, +199 more | 2024-09-25
CVE-2024-20436 [HIGH] CWE-476: A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulner
nvd
CVE-2024-20480 | HIGH | CVSS 8.6 | v16.1.1, v16.1.2, +203 more | 2024-09-25
CVE-2024-20480 [HIGH] CWE-783: A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to impro
nvd
CVE-2024-20433 | HIGH | CVSS 7.5 | v3.3.0sg, v3.3.1sg, +395 more | 2024-09-25
CVE-2024-20433 [HIGH] CWE-121: A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An
nvd
CVE-2024-20455 | HIGH | CVSS 8.6 | v17.1.1, v17.1.1a, +85 more | 2024-09-25
CVE-2024-20455 [HIGH] CWE-371: A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as th
nvd
CVE-2024-20467 | HIGH | CVSS 8.6 | v17.11.99sw, v17.12.1, +1 more | 2024-09-25
CVE-2024-20467 [HIGH] CWE-399: A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerabili
nvd
CVE-2024-20464 | HIGH | CVSS 8.6 | v17.13.1, v17.13.1a | 2024-09-25
CVE-2024-20464 [HIGH] CWE-20: A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a cr
nvd
CVE-2024-20437 | HIGH | CVSS 8.8 | v17.3.2, v17.3.2a, +64 more | 2024-09-25
CVE-2024-20437 [HIGH] CWE-352: A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected devi
nvd
CVE-2024-20414 | MEDIUM | CVSS 6.5 | v3.2.0se, v3.2.0sg, +429 more | 2024-09-25
CVE-2024-20414 [MEDIUM] CWE-285: A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could e
nvd