Vulnerabilities > Cisco > IOS XE > 16.3

DATE CVE VULNERABILITY TITLE RISK
2018-03-28 CVE-2018-0193 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device.
local
low complexity
cisco CWE-78
7.8
7.8
2018-03-28 CVE-2018-0190 Cross-site Scripting vulnerability in Cisco IOS XE
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2018-03-28 CVE-2018-0188 Cross-site Scripting vulnerability in Cisco IOS XE
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2018-03-28 CVE-2018-0186 Cross-site Scripting vulnerability in Cisco IOS XE
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2018-03-28 CVE-2018-0185 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device.
local
low complexity
cisco CWE-78
7.8
7.8
2018-03-28 CVE-2018-0184 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.
local
low complexity
cisco CWE-78
6.7
6.7
2018-03-28 CVE-2018-0183 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.
local
low complexity
cisco CWE-78
6.7
6.7
2018-03-28 CVE-2018-0182 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device.
local
low complexity
cisco CWE-78
7.8
7.8
2017-09-29 CVE-2017-12237 Unspecified vulnerability in Cisco IOS
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.
network
low complexity
cisco
7.5
7.5