Vulnerabilities > Cisco > IOS XE > 16.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-1757 | Improper Certificate Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. | 5.9 |
| 2019-03-28 | CVE-2019-1755 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. | 7.2 |
| 2019-03-28 | CVE-2019-1752 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 7.5 |
| 2019-03-28 | CVE-2019-1745 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. | 7.8 |
| 2019-03-28 | CVE-2019-1743 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. | 8.8 |
| 2019-03-28 | CVE-2019-1742 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. | 5.3 |
| 2018-03-28 | CVE-2018-0183 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. | 6.7 |
| 2017-09-29 | CVE-2017-12239 | Use of Hard-coded Credentials vulnerability in Cisco IOS XE A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. | 6.8 |
| 2017-09-29 | CVE-2017-12237 | Unspecified vulnerability in Cisco IOS A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. | 7.5 |