Vulnerabilities > Cisco > IOS XE > 16.12.5b
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-20682 | NULL Pointer Dereference vulnerability in Cisco IOS XE A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2022-04-15 | CVE-2022-20683 | Out-of-bounds Write vulnerability in Cisco IOS XE A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2022-04-15 | CVE-2022-20692 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. | 6.5 |
| 2022-04-15 | CVE-2022-20693 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2021-10-21 | CVE-2021-1529 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. | 7.8 |
| 2021-09-23 | CVE-2021-1611 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2021-09-23 | CVE-2021-1616 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. | 4.7 |
| 2021-09-23 | CVE-2021-1619 | Use of Uninitialized Resource vulnerability in Cisco products A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. | 9.1 |
| 2021-09-23 | CVE-2021-1620 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. | 7.7 |
| 2021-09-23 | CVE-2021-1621 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. low complexity cisco | 7.4 |