Vulnerabilities > Cisco > IOS XE > 16.12.3a

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-20720 Link Following vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-59
7.2
7.2
2022-04-15 CVE-2022-20721 Path Traversal vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-22
4.9
4.9
2022-04-15 CVE-2022-20722 Path Traversal vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-22
4.9
4.9
2022-04-15 CVE-2022-20723 Path Traversal vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-22
7.2
7.2
2022-04-15 CVE-2022-20724 Race Condition vulnerability in Cisco products
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
high complexity
cisco CWE-362
5.3
5.3
2022-04-15 CVE-2022-20725 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-79
4.8
4.8
2022-04-15 CVE-2022-20727 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
local
low complexity
cisco CWE-22
6.7
6.7
2021-10-21 CVE-2021-1529 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.8
7.8
2021-09-23 CVE-2021-1611 Unspecified vulnerability in Cisco IOS XE
A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
8.6
2021-09-23 CVE-2021-1616 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG.
network
low complexity
cisco
4.7
4.7