Vulnerabilities > Cisco > IOS XE > 16.9.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-1352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-03-24 | CVE-2021-1453 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. low complexity cisco | 6.8 |
| 2021-03-24 | CVE-2021-1446 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2021-03-24 | CVE-2021-1442 | Unspecified vulnerability in Cisco IOS XE A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. | 7.8 |
| 2021-03-24 | CVE-2021-1435 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1403 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. | 7.4 |
| 2021-03-24 | CVE-2021-1391 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. | 6.7 |
| 2021-03-24 | CVE-2021-1390 | Unspecified vulnerability in Cisco IOS XE A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. | 6.7 |
| 2021-03-24 | CVE-2021-1384 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |