Vulnerabilities > Cisco > IOS XE > 3.18.1s

DATE CVE VULNERABILITY TITLE RISK
2017-03-21 CVE-2017-3850 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
high complexity
cisco CWE-20
5.9
5.9
2017-03-21 CVE-2017-3849 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
low complexity
cisco CWE-20
7.4
7.4
2016-11-03 CVE-2016-6441 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE
A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system.
network
low complexity
cisco CWE-119
critical
 9.8
9.8
2016-10-27 CVE-2016-6438 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device.
network
high complexity
cisco CWE-264
5.9
5.9
2016-09-22 CVE-2014-2146 Improper Input Validation vulnerability in Cisco IOS XE
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
network
low complexity
cisco CWE-20
6.5
6.5
2016-09-19 CVE-2016-6415 Information Exposure vulnerability in Cisco IOS
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
network
low complexity
cisco CWE-200
7.5
7.5