Vulnerabilities > Cisco > IOS XE > 16.12.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 7.5 |
| 2020-11-06 | CVE-2020-3444 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 7.5 |
| 2020-09-24 | CVE-2020-3527 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. | 8.6 |
| 2020-09-24 | CVE-2020-3510 | Resource Exhaustion vulnerability in Cisco IOS XE 16.12.1/16.12.2/17.1.1 A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. | 8.6 |
| 2020-09-24 | CVE-2020-3425 | Unspecified vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. | 8.8 |
| 2020-09-24 | CVE-2020-3417 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3399 | Out-of-bounds Read vulnerability in Cisco IOS XE 16.12/16.12.1S/16.12.2 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. | 8.6 |
| 2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2020-06-03 | CVE-2020-3204 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. | 6.7 |
| 2020-06-03 | CVE-2020-3203 | Memory Leak vulnerability in Cisco IOS XE A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. | 8.6 |