Vulnerabilities > Cisco > IOS XE > 3.8.3e
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-34714 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. | 7.4 |
| 2021-09-23 | CVE-2021-34729 | OS Command Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. | 6.7 |
| 2021-03-24 | CVE-2021-1451 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an affected device. | 9.8 |
| 2021-03-24 | CVE-2021-1442 | Information Exposure Through Log Files vulnerability in Cisco IOS XE A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. | 6.9 |
| 2021-03-24 | CVE-2021-1384 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
| 2021-01-13 | CVE-2021-1236 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.3 |
| 2021-01-13 | CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
| 2021-01-13 | CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 7.5 |
| 2020-11-06 | CVE-2020-3444 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 5.0 |