Cisco IOS XE vulnerabilities

505 known vulnerabilities affecting cisco/ios_xe.

Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28
Severity breakdown: CRITICAL 20, HIGH 323, MEDIUM 161, LOW 1

Vulnerabilities

Page 6 of 26
CVE-2022-20723 | HIGH | CVSS 7.2 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) at
Source: NVD
CVE-2022-20722 | MEDIUM | CVSS 4.9 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Source: NVD
CVE-2022-20727 | MEDIUM | CVSS 6.7 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Source: NVD
CVE-2022-20692 | MEDIUM | CVSS 6.5 | Affected: v3.15.1xbs, v3.15.2xbs, +125 more | Published: 2022-04-15
CWE-400. A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF o
Source: NVD
CVE-2022-20684 | MEDIUM | CVSS 6.5 | Affected: v3.15.1xbs, v3.15.2xbs, +88 more | Published: 2022-04-15
CWE-190. A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerab
Source: NVD
CVE-2022-20724 | MEDIUM | CVSS 5.3 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Source: NVD
CVE-2022-20725 | MEDIUM | CVSS 4.8 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Source: NVD
CVE-2022-20694 | MEDIUM | CVSS 6.8 | Affected: v3.7.0bs, v3.7.0s, +232 more | Published: 2022-04-15
CWE-617. A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI t
Source: NVD
CVE-2022-20676 | MEDIUM | CVSS 6.7 | Affected: v16.12.1z2, v17.2.1, +27 more | Published: 2022-04-15
CWE-250. A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by l
Source: NVD
CVE-2022-20721 | MEDIUM | CVSS 4.9 | Affected: v16.3.1, v16.3.1a, +140 more | Published: 2022-04-15
CWE-22. Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS)
Source: NVD
CVE-2021-1529 | HIGH | CVSS 7.8 | Affected: ≥ 16.12, ≤ 17.0; ≥ 17.2, < 17.2.3; +4 more | Published: 2021-10-21
CWE-78. A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the sy
Source: NVD
CVE-2021-1619 | CRITICAL | CVSS 9.1 | Affected: v16.3.1, v16.3.1a, +117 more | Published: 2021-09-23
CWE-824. A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: install, manipulate, or delete the configuration of an affected device; cause memory corruption that results in a denia
Source: NVD
CVE-2021-34770 | CRITICAL | CVSS 9.8 | Affected: v3.15.1xbs, v3.15.2xbs, +26 more | Published: 2021-09-23
CWE-122. A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected devi
Source: NVD
CVE-2021-34714 | HIGH | CVSS 7.4 | Affected: ≤ 8.4(3.115), ≤ 7.0(3)i7(9), +3 more | Published: 2021-09-23
CWE-20. A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An att
Source: NVD
CVE-2021-1624 | HIGH | CVSS 8.6 | Affected: ≤ 17.3.3 | Published: 2021-09-23
CWE-399. A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting fea
Source: NVD
CVE-2021-34699 | HIGH | CVSS 7.7 | Affected: v3.3.0se, v3.3.0xo, +317 more | Published: 2021-09-23
CWE-435. A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run
Source: NVD
CVE-2021-34767 | HIGH | CVSS 7.4 | Affected: v3.15.1xbs, v3.15.2xbs, +90 more | Published: 2021-09-23
CWE-670. A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when p
Source: NVD
CVE-2021-34768 | HIGH | CVSS 7.5 | Affected: v3.15.1xbs, v3.15.2xbs, +5 more | Published: 2021-09-23
CWE-415. Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient va
Source: NVD
CVE-2021-1623 | HIGH | CVSS 7.7 | Affected: fixed in 17.6.1a | Published: 2021-09-23
CWE-399. A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path being overwhelmed by large quantities of SNMP request
Source: NVD
CVE-2021-1621 | HIGH | CVSS 7.4 | Affected: fixed in 17.3.1 | Published: 2021-09-23
CWE-399. A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulner
Source: NVD
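The affected-version column above mixes three notations: exact releases ("v16.3.1, v16.3.1a"), bounded ranges ("≥ 17.2, < 17.2.3", with several ranges listed side by side as alternatives), and a fix marker ("fixed in 17.6.1a", meaning everything older is affected). The following is an added example, not code from this listing or from Cisco, that parses IOS XE version strings and evaluates those expressions against a device's "show version" string. Its comparison semantics are this example's own assumptions: a two-field bound such as "≤ 17.0" is treated as covering the whole 17.0 train, and a trailing letter tag orders after the untagged release (17.6.1a is newer than 17.6.1), which is how Cisco numbers rebuilds. The PAGE_RANGES table is constructed from the four entries on this page whose bounds are shown in full; entries truncated with "+N more" are deliberately left out because a partial list cannot be checked.

```python
import operator
import re
from typing import Dict, Iterable, List, Tuple, Union

# Accepts the version spellings used in this listing ("17.2.3", "v16.3.1a",
# "16.12.1z2", "3.15.1xbs"). Anything else, such as the FXOS/NX-OS strings
# "8.4(3.115)", is rejected rather than silently mis-compared.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?([a-z][a-z0-9]*)?$")

_OPS = {">=": operator.ge, "<=": operator.le, "<": operator.lt,
        ">": operator.gt, "=": operator.eq}


def parse_version(text: str) -> Tuple[Tuple[int, ...], str]:
    """Split an IOS XE version into (numeric fields, letter tag)."""
    m = _VERSION_RE.match(text.strip().lower())
    if m is None:
        raise ValueError(f"not an IOS XE-style version: {text!r}")
    major, minor, rebuild, tag = m.groups()
    nums = (int(major), int(minor)) + ((int(rebuild),) if rebuild is not None else ())
    return nums, tag or ""


def _key(version: str, precision: int) -> tuple:
    """Comparison key that uses only the first `precision` numeric fields.

    Assumption (this example's, not the listing's): a two-field bound such as
    "<= 17.0" refers to the whole 17.0 train, so 17.0.1 satisfies it. The letter
    tag only takes part when the bound names all three fields, ordered
    "" < "a" < "z2", so 17.6.1a sorts after 17.6.1 as a later rebuild.
    """
    nums, tag = parse_version(version)
    padded = (nums + (0,) * precision)[:precision]
    return padded + ((tag,) if precision >= 3 else ())


def _parse_clause(clause: str) -> Tuple[str, str]:
    """Turn ">= 17.2", "≤ 17.0" or "fixed in 17.6.1a" into (operator, bound)."""
    clause = clause.strip().replace("≥", ">=").replace("≤", "<=")
    m = re.match(r"^fixed in\s+(\S+)$", clause, re.IGNORECASE)
    if m:
        return "<", m.group(1)  # "fixed in X" means affected if older than X
    m = re.match(r"^(>=|<=|<|>|=)\s*(\S+)$", clause)
    if m is None:
        raise ValueError(f"unrecognised range clause: {clause!r}")
    return m.group(1), m.group(2)


def _matches(version: str, element: str) -> bool:
    """One spec element: a bare version is an exact match; an expression with
    operators is the AND of its comma-separated clauses."""
    if re.search(r"[<>=≥≤]|fixed in", element, re.IGNORECASE) is None:
        return parse_version(version) == parse_version(element)
    for clause in element.split(","):
        op, bound = _parse_clause(clause)
        precision = len(parse_version(bound)[0])
        if not _OPS[op](_key(version, precision), _key(bound, precision)):
            return False
    return True


def is_affected(version: str, spec: Union[str, Iterable[str]]) -> bool:
    """True if `version` falls in ANY element of `spec`; elements are the
    alternative ranges shown side by side for one CVE in the listing."""
    elements = [spec] if isinstance(spec, str) else list(spec)
    return any(_matches(version, e) for e in elements)


# Constructed from the entries on this page whose bounds are shown in full.
# CVE-2021-1529 lists "+4 more" ranges that are not reproduced here, and the
# entries showing only "v16.3.1, v16.3.1a, +140 more" are omitted entirely:
# a truncated list cannot be checked, so fetch the advisory before relying on it.
PAGE_RANGES: Dict[str, List[str]] = {
    "CVE-2021-1529": ["≥ 16.12, ≤ 17.0", "≥ 17.2, < 17.2.3"],
    "CVE-2021-1624": ["≤ 17.3.3"],
    "CVE-2021-1623": ["fixed in 17.6.1a"],
    "CVE-2021-1621": ["fixed in 17.3.1"],
}


def matching_cves(version: str, entries: Dict[str, List[str]] = PAGE_RANGES) -> List[str]:
    """CVE IDs whose listed ranges contain `version`, sorted.

    A version match is necessary, not sufficient: CVE-2021-1623 applies to cBR-8
    only and CVE-2021-1529 to IOS XE SD-WAN only, so platform and feature state
    still decide actual exposure.
    """
    return sorted(cve for cve, spec in entries.items() if is_affected(version, spec))


if __name__ == "__main__":
    for v in ("17.2.2", "17.3.3", "17.6.1a"):
        print(v, "->", matching_cves(v))
```

Feed it the version string from "show version" on each device and treat the result as a triage list to confirm against the Cisco advisory, not as a verdict: the truncated "+N more" lists on this page are exactly the cases a script must refuse to evaluate.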