Vulnerabilities > Cisco > IOS XE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-10 | CVE-2022-20920 | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. | 7.7 |
| 2022-10-10 | CVE-2022-20944 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. | 6.8 |
| 2022-09-30 | CVE-2022-20810 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. | 6.5 |
| 2022-09-30 | CVE-2022-20847 | Unspecified vulnerability in Cisco IOS XE 17.3.3 A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2022-09-30 | CVE-2022-20848 | Unspecified vulnerability in Cisco IOS XE 17.6.1/17.6.3/17.9.1 A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2022-09-30 | CVE-2022-20851 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2022-09-30 | CVE-2022-20855 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. | 6.7 |
| 2022-09-30 | CVE-2022-20856 | Unspecified vulnerability in Cisco IOS XE 17.3.4C A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2022-09-30 | CVE-2022-20919 | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XE 17.9.1 A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | 7.5 |
| 2022-09-27 | CVE-2021-27853 | Authentication Bypass by Spoofing vulnerability in multiple products Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | 4.7 |