Vulnerabilities > Cisco > IOS XE > 17.3.1x
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-34699 | Interpretation Conflict vulnerability in Cisco IOS and IOS XE A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. | 7.7 |
| 2021-09-23 | CVE-2021-34705 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. | 5.3 |
| 2021-09-23 | CVE-2021-34767 | Always-Incorrect Control Flow Implementation vulnerability in Cisco IOS XE A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. | 7.4 |
| 2021-04-29 | CVE-2021-1495 | Improper Handling of Exceptional Conditions vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
| 2021-03-24 | CVE-2021-1403 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. | 7.4 |
| 2021-03-24 | CVE-2021-1385 | Path Traversal vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. | 6.5 |
| 2021-03-24 | CVE-2021-1383 | Argument Injection or Modification vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. | 6.7 |
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
| 2021-01-13 | CVE-2021-1236 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.3 |
| 2021-01-13 | CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |