Cisco IOS XE vulnerabilities

505 known vulnerabilities affecting cisco/ios_xe.

Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28
Severity breakdown: CRITICAL 20, HIGH 323, MEDIUM 161, LOW 1

Vulnerabilities

Page 8 of 26
CVE-2021-1384 | HIGH | CVSS 7.2 | fixed in 16.6.9; ≥ 16.9.0, < 16.9.7; +3 more | 2021-03-24
CWE-77: A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability
Source: nvd
CVE-2021-1442 | HIGH | CVSS 7.8 | v3.6.3e; v3.6.4e; +222 more | 2021-03-24
CWE-532: A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges cou
Source: nvd
CVE-2021-1373 | HIGH | CVSS 8.6 | v16.10.1; v16.10.1e; +23 more | 2021-03-24
CWE-126: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insuffi
Source: nvd
CVE-2021-1435 | HIGH | CVSS 7.2 | Exploited | v16.9.1; v16.9.1a; +34 more | 2021-03-24
CWE-22: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary co
Source: nvd
CVE-2021-1433 | HIGH | CVSS 8.1 | v3.15.1xbs; v3.15.2xbs; +21 more | 2021-03-24
CWE-119: A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The at
Source: nvd
CVE-2021-1431 | HIGH | CVSS 7.5 | v3.15.1xbs; v3.15.2xbs; +30 more | 2021-03-24
CWE-20: A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected d
Source: nvd
CVE-2021-1352 | MEDIUM | CVSS 6.5 | v16.4.1; v16.4.2; +87 more | 2021-03-24
CWE-823: A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could ex
Source: nvd
CVE-2021-1356 | MEDIUM | CVSS 4.3 | v3.15.1xbs; v3.15.2xbs; +11 more | 2021-03-24
CWE-20: Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attac
Source: nvd
CVE-2021-1220 | MEDIUM | CVSS 4.3 | v3.15.1xbs; v3.15.2xbs; +33 more | 2021-03-24
CWE-20: Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attac
Source: nvd
CVE-2021-1376 | MEDIUM | CVSS 6.7 | v16.5.1; v16.5.1a; +48 more | 2021-03-24
CWE-347: Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned bin
Source: nvd
CVE-2021-1375 | MEDIUM | CVSS 6.7 | v16.5.1; v16.5.1a; +35 more | 2021-03-24
CWE-347: Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned bin
Source: nvd
CVE-2021-1453 | MEDIUM | CVSS 6.8 | v3.15.1xbs; v3.15.2xbs; +53 more | 2021-03-24
CWE-347: A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatur
Source: nvd
CVE-2021-1377 | MEDIUM | CVSS 5.8 | v3.6.6e; v3.6.7ae; +166 more | 2021-03-24
CWE-399: A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit th
Source: nvd
CVE-2021-1441 | MEDIUM | CVSS 6.7 | v3.15.1xbs; v3.15.2xbs; +25 more | 2021-03-24
CWE-78: A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a di
Source: nvd
CVE-2021-1374 | MEDIUM | CVSS 4.8 | v16.6.1; v16.6.2; +87 more | 2021-03-24
CWE-79: A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficien
Source: nvd
CVE-2021-1381 | MEDIUM | CVSS 6.1 | v16.11.1; v16.11.1a; +34 more | 2021-03-24
CWE-489: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the ha
Source: nvd
CVE-2021-1390 | MEDIUM | CVSS 6.7 | v16.8.1; v16.8.1a; +72 more | 2021-03-24
CWE-123: A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits mo
Source: nvd
CVE-2021-1391 | MEDIUM | CVSS 6.7 | v3.9.0e; v3.9.1e; +88 more | 2021-03-24
CWE-489: A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consen
Source: nvd
CVE-2021-1394 | MEDIUM | CVSS 5.3 | v16.10.1; v16.10.1a; +8 more | 2021-03-24
CWE-399: A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic
Source: nvd
CVE-2021-1385 | MEDIUM | CVSS 6.5 | v16.11.1; v16.11.1a; +45 more | 2021-03-24
CWE-22: A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An
Source: nvd
Cisco IOS XE vulnerabilities | cvebase