Vulnerabilities > Cisco > IOS XE > 16.7.1

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-03-28 | CVE-2019-1745 | OS Command Injection vulnerability in Cisco IOS XE | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. | local; low complexity; cisco; CWE-78; 7.8 |
| 2019-03-28 | CVE-2019-1743 | Improper Input Validation vulnerability in Cisco IOS XE | A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. | network; low complexity; cisco; CWE-20; 8.8 |
| 2019-03-28 | CVE-2019-1742 | Unspecified vulnerability in Cisco IOS XE | A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. | network; low complexity; cisco; 5.3 |
| 2019-03-28 | CVE-2019-1741 | Use After Free vulnerability in Cisco IOS XE | A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | network; low complexity; cisco; CWE-416; 7.5 |
| 2018-10-05 | CVE-2018-0481 | OS Command Injection vulnerability in Cisco IOS XE 15.3(3)S3.16/16.7.1/16.7(1) | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | local; low complexity; cisco; CWE-78; 6.7 |
| 2018-10-05 | CVE-2018-0477 | OS Command Injection vulnerability in Cisco IOS XE 15.3(3)S3.16/16.7.1/16.7(1) | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | local; low complexity; cisco; CWE-78; 6.7 |
| 2018-10-05 | CVE-2018-0197 | Improper Input Validation vulnerability in Cisco IOS and IOS XE | A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. | low complexity; cisco; CWE-20; 6.5 |
| 2018-06-07 | CVE-2018-0315 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.7.1/16.8.1 | A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. | network; low complexity; cisco; CWE-119; critical; 9.8 |
| 2018-04-19 | CVE-2018-0257 | Unspecified vulnerability in Cisco IOS XE | A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. | low complexity; cisco; 4.3 |