Vulnerabilities > Cisco > IOS XE > 16.11.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-1446 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2021-03-24 | CVE-2021-1443 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. | 7.2 |
| 2021-03-24 | CVE-2021-1442 | Unspecified vulnerability in Cisco IOS XE A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. | 7.8 |
| 2021-03-24 | CVE-2021-1436 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. | 4.4 |
| 2021-03-24 | CVE-2021-1435 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1434 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. | 6.0 |
| 2021-03-24 | CVE-2021-1431 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. | 7.5 |
| 2021-03-24 | CVE-2021-1403 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. | 7.4 |
| 2021-03-24 | CVE-2021-1398 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. low complexity cisco | 6.8 |
| 2021-03-24 | CVE-2021-1392 | Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. | 7.8 |