Vulnerabilities (CVE)

Vendor filter

Cisco Subscribe

Product filter

Ios Xe Subscribe

Filter

117 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1904 1 Cisco 1 Ios Xe 2019-10-09 6.8
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF...
CVE-2019-1649 1 Cisco 14 Enterprise Network Compute System, Analog Voice Network Interface Modules Firmware, Asr 1000 Series Firmware and 11 more 2019-10-09 7.2
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This...
CVE-2019-12671 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient...
CVE-2019-12666 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation...
CVE-2019-12664 1 Cisco 1 Ios Xe 2019-10-09 5.0
A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel...
CVE-2019-12662 1 Cisco 52 Ios Xe, Nexus 3016 Firmware, Nexus 3048 Firmware and 49 more 2019-10-09 7.2
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an...
CVE-2019-12661 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root....
CVE-2019-12660 1 Cisco 1 Ios Xe 2019-10-09 4.9
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific...
CVE-2019-12659 1 Cisco 1 Ios Xe 2019-10-09 5.0
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit...
CVE-2019-12649 1 Cisco 2 Ios, Ios Xe 2019-10-09 7.2
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists...
CVE-2019-12624 1 Cisco 1 Ios Xe 2019-10-09 6.8
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on...
CVE-2018-15374 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software...
CVE-2018-15372 1 Cisco 1 Ios Xe 2019-10-09 4.8
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and...
CVE-2018-15371 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists...
CVE-2018-15368 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The...
CVE-2018-0481 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected...
CVE-2018-0480 1 Cisco 1 Ios Xe 2019-10-09 5.7
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race...
CVE-2018-0477 1 Cisco 1 Ios Xe 2019-10-09 7.2
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected...
CVE-2018-0476 1 Cisco 1 Ios Xe 2019-10-09 7.1
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...
CVE-2018-0475 1 Cisco 2 Ios, Ios Xe 2019-10-09 6.1
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability...