17.9.2b

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-25	CVE-2023-20273	OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. network low complexity cisco CWE-78	7.2
2023-10-16	CVE-2023-20198	Unspecified vulnerability in Cisco IOS XE Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. network low complexity cisco critical	10.0
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-09-27	CVE-2023-20186	Unspecified vulnerability in Cisco IOS A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. network low complexity cisco critical	9.1
2023-09-27	CVE-2023-20202	Unspecified vulnerability in Cisco IOS XE A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. low complexity cisco	6.5
2023-09-27	CVE-2023-20231	Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. network low complexity cisco CWE-20	8.8
2020-09-23	CVE-2019-16009	Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. network low complexity cisco CWE-352	8.8
2019-09-25	CVE-2019-12660	Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. local low complexity cisco CWE-668	5.5