Vulnerabilities > Cisco > IOS XE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-1738 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2019-03-27 | CVE-2019-1737 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. | 8.6 |
| 2019-01-10 | CVE-2018-0282 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 6.8 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-15373 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-15372 | Unspecified vulnerability in Cisco IOS XE 16.8.1/16.9.1 A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. low complexity cisco | 8.1 |
| 2018-10-05 | CVE-2018-15371 | Improper Authentication vulnerability in Cisco IOS XE 16.3(1) A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-15369 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 6.8 |
| 2018-10-05 | CVE-2018-15368 | OS Command Injection vulnerability in Cisco IOS XE 15.4(3)S A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. | 6.7 |
| 2018-10-05 | CVE-2018-0485 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. | 8.6 |