Vulnerabilities > Cisco > IOS XE > 17.9.1w

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-20109 Out-of-bounds Write vulnerability in Cisco IOS
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature.
network
high complexity
cisco CWE-787
6.6
2023-09-27 CVE-2023-20186 Unspecified vulnerability in Cisco IOS
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks.
network
low complexity
cisco
critical
9.1
2023-09-27 CVE-2023-20202 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management.
low complexity
cisco
6.5
2023-09-27 CVE-2023-20231 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-20
8.8
2023-03-23 CVE-2023-20056 Unspecified vulnerability in Cisco products
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco
5.5
2023-03-23 CVE-2023-20072 Unspecified vulnerability in Cisco IOS XE 17.9.1/17.9.1A/17.9.1W
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
8.6
2023-03-23 CVE-2023-20097 Command Injection vulnerability in Cisco products
A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges.
local
low complexity
cisco CWE-77
6.7
2023-02-12 CVE-2023-20076 OS Command Injection vulnerability in Cisco products
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.
network
low complexity
cisco CWE-78
8.8
2020-09-23 CVE-2019-16009 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS
A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
2019-09-25 CVE-2019-12660 Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device.
local
low complexity
cisco CWE-668
5.5