Vulnerabilities > Cisco > IOS XE > 3.2.0sg
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-22 | CVE-2017-3856 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
2016-10-05 | CVE-2016-6393 | Resource Management Errors vulnerability in Cisco IOS XE The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. | 7.1 |
2016-10-05 | CVE-2016-6384 | Improper Input Validation vulnerability in Cisco IOS XE Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. | 7.8 |
2016-09-22 | CVE-2014-2146 | Improper Input Validation vulnerability in Cisco IOS XE The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | 4.3 |
2016-09-19 | CVE-2016-6415 | Information Exposure vulnerability in Cisco IOS XE The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | 5.0 |
2016-05-29 | CVE-2016-1409 | Improper Input Validation vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | 5.0 |
2016-04-20 | CVE-2016-1384 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | 5.0 |
2015-04-03 | CVE-2015-0685 | Improper Input Validation vulnerability in Cisco IOS XE Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. | 7.8 |
2014-11-07 | CVE-2014-7990 | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | 6.8 |
2014-10-25 | CVE-2014-3409 | Resource Management Errors vulnerability in Cisco IOS XE The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 6.1 |