Vulnerabilities > Cisco > IOS XE > 16.9.3h

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-10-04 CVE-2023-20235 Improper Privilege Management vulnerability in Cisco IOS XE
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode.
network
low complexity
cisco CWE-269
8.8
2023-03-23 CVE-2023-20056 Unspecified vulnerability in Cisco products
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco
5.5
2023-03-23 CVE-2023-20080 Improper Validation of Array Index vulnerability in Cisco IOS and IOS XE
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-129
7.5
2023-03-23 CVE-2023-20082 Unspecified vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.
low complexity
cisco
6.8
2023-03-23 CVE-2023-20097 Command Injection vulnerability in Cisco products
A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges.
local
low complexity
cisco CWE-77
6.7
2023-02-12 CVE-2023-20076 OS Command Injection vulnerability in Cisco products
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.
network
low complexity
cisco CWE-78
8.8
2022-04-15 CVE-2022-20679 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.7
2022-04-15 CVE-2022-20683 Out-of-bounds Write vulnerability in Cisco IOS XE
A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-787
8.6
2022-04-15 CVE-2022-20684 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device.
low complexity
cisco CWE-20
6.5