Vulnerabilities > Cisco > IOS XE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-3408 | Resource Exhaustion vulnerability in Cisco IOS and IOS XE A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-09-24 | CVE-2020-3407 | NULL Pointer Dereference vulnerability in Cisco IOS XE 15.8(3)M3 A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 8.6 |
| 2020-09-24 | CVE-2020-3404 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. | 7.8 |
| 2020-09-24 | CVE-2020-3403 | OS Command Injection vulnerability in Cisco IOS XE 17.2.1 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. | 7.8 |
| 2020-09-24 | CVE-2020-3400 | Missing Authorization vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. | 8.8 |
| 2020-09-24 | CVE-2020-3399 | Out-of-bounds Read vulnerability in Cisco IOS XE 16.12/16.12.1S/16.12.2 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. | 8.6 |
| 2020-09-24 | CVE-2020-3393 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2020-09-24 | CVE-2020-3390 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. | 7.4 |
| 2020-09-24 | CVE-2020-3359 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-09-24 | CVE-2020-3141 | Unspecified vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. | 8.8 |