Vulnerabilities > Cisco > IOS XE > 16.12.1z
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
| 2021-03-24 | CVE-2021-1377 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. | 5.8 |
| 2021-01-13 | CVE-2021-1236 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.3 |
| 2021-01-13 | CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
| 2021-01-13 | CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 7.5 |
| 2020-11-06 | CVE-2020-3444 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 7.5 |
| 2020-09-24 | CVE-2020-3527 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. | 8.6 |
| 2020-09-24 | CVE-2020-3516 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. | 4.3 |
| 2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2020-04-29 | CVE-2019-16011 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |