Vulnerabilities > Cisco > IOS XE > 17.6.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2023-20065 | Unspecified vulnerability in Cisco IOS XE 17.11.1/17.6.3 A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2023-03-23 | CVE-2023-20067 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2023-03-23 | CVE-2023-20082 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. low complexity cisco | 6.8 |
| 2023-03-23 | CVE-2023-20097 | Command Injection vulnerability in Cisco products A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. | 6.7 |
| 2023-02-12 | CVE-2023-20076 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. | 8.8 |
| 2022-09-30 | CVE-2022-20848 | Unspecified vulnerability in Cisco IOS XE 17.6.1/17.6.3/17.9.1 A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |