Vulnerabilities > Cisco > IOS XE > 16.12.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-3417 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3416 | Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2 Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3393 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2020-09-24 | CVE-2020-3390 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. | 5.7 |
| 2020-09-24 | CVE-2020-3359 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.8 |
| 2020-09-24 | CVE-2020-3396 | Improper Privilege Management vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. | 7.2 |
| 2020-06-03 | CVE-2020-3227 | Incorrect Authorization vulnerability in Cisco IOS XE A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. | 9.8 |
| 2020-06-03 | CVE-2020-3225 | Improper Input Validation vulnerability in Cisco IOS Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.8 |
| 2020-06-03 | CVE-2020-3223 | Link Following vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. | 6.8 |
| 2020-06-03 | CVE-2020-3222 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. low complexity cisco | 3.3 |