Vulnerabilities > Cisco > IOS XE > 16.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2020-06-03 | CVE-2020-3230 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. | 7.5 |
| 2020-06-03 | CVE-2020-3228 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-06-03 | CVE-2020-3226 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-06-03 | CVE-2020-3219 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. | 8.8 |
| 2020-06-03 | CVE-2020-3217 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2020-06-03 | CVE-2020-3215 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. | 6.7 |
| 2020-06-03 | CVE-2020-3213 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. | 6.7 |
| 2020-06-03 | CVE-2020-3209 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 6.8 |
| 2020-06-03 | CVE-2020-3204 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. | 6.7 |