Vulnerabilities > Cisco > IOS XE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-3228 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-06-03 | CVE-2020-3227 | Incorrect Authorization vulnerability in Cisco IOS XE A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. | 9.8 |
| 2020-06-03 | CVE-2020-3226 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-06-03 | CVE-2020-3225 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-06-03 | CVE-2020-3224 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. | 8.8 |
| 2020-06-03 | CVE-2020-3223 | Link Following vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. | 4.9 |
| 2020-06-03 | CVE-2020-3222 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. low complexity cisco | 4.3 |
| 2020-06-03 | CVE-2020-3221 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2020-06-03 | CVE-2020-3220 | Insufficient Verification of Data Authenticity vulnerability in Cisco IOS XE A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. | 6.8 |
| 2020-06-03 | CVE-2020-3219 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. | 8.8 |