Vulnerabilities > Cisco > IOS XE > 17.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. | 7.2 |
| 2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-03-23 | CVE-2023-20056 | Unspecified vulnerability in Cisco products A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2023-03-23 | CVE-2023-20097 | Command Injection vulnerability in Cisco products A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. | 6.7 |
| 2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2019-09-25 | CVE-2019-12660 | Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. | 5.5 |