Vulnerabilities > Cisco > IOS XE > 16.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-1743 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. | 8.8 |
| 2019-03-28 | CVE-2019-1742 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. | 5.3 |
| 2019-03-28 | CVE-2019-1741 | Use After Free vulnerability in Cisco IOS XE A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2019-03-27 | CVE-2019-1737 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. | 8.6 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-0471 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XE 16.6.1/16.6.2 A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-0467 | Improper Input Validation vulnerability in Cisco IOS XE 15.6(2)Sp/16.6.1/Everest16.6.1 A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 8.6 |
| 2018-10-05 | CVE-2018-0197 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. | 6.5 |
| 2018-04-19 | CVE-2018-0257 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. low complexity cisco | 4.3 |
| 2018-03-28 | CVE-2018-0184 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. | 6.7 |