Vulnerabilities > Cisco > IOS XE > 3.10.2ts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2019-1950 | Insecure Default Initialization of Resource vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. | 8.4 |
| 2019-08-21 | CVE-2019-12624 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2019-05-13 | CVE-2019-1649 | Improper Locking vulnerability in Cisco products A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. | 6.7 |
| 2019-03-28 | CVE-2019-1761 | Improper Initialization vulnerability in Cisco IOS XE A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. | 3.3 |
| 2019-03-28 | CVE-2019-1752 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 7.5 |
| 2019-03-28 | CVE-2019-1748 | Improper Certificate Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. | 7.4 |
| 2019-03-28 | CVE-2019-1745 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. | 7.2 |
| 2019-03-27 | CVE-2019-1737 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. | 7.8 |
| 2017-09-29 | CVE-2017-12237 | Resource Exhaustion vulnerability in Cisco IOS and IOS XE A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. | 7.8 |
| 2017-09-29 | CVE-2017-12228 | Improper Certificate Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 4.3 |