Vulnerabilities > Cisco > IOS XE > 17.4.1

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-09-27 CVE-2023-20109 Out-of-bounds Write vulnerability in Cisco IOS
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature.
network
high complexity
cisco CWE-787
6.6
2023-09-27 CVE-2023-20186 Unspecified vulnerability in Cisco IOS
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks.
network
low complexity
cisco
critical
9.1
2023-09-27 CVE-2023-20187 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20227 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20231 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-20
8.8
2023-03-23 CVE-2023-20027 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
2023-03-23 CVE-2023-20056 Unspecified vulnerability in Cisco products
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco
5.5
2023-03-23 CVE-2023-20067 Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-770
6.5
2023-03-23 CVE-2023-20080 Improper Validation of Array Index vulnerability in Cisco IOS and IOS XE
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-129
7.5