Vulnerabilities > Cisco > IOS XE > 16.5.1a

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-0197 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition.
low complexity
cisco CWE-20
6.5
6.5
2018-03-28 CVE-2018-0183 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.
local
low complexity
cisco CWE-78
6.7
6.7
2017-09-29 CVE-2017-12229 Improper Authentication vulnerability in Cisco IOS XE
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software.
network
low complexity
cisco CWE-287
critical
 9.8
9.8