Vulnerabilities > Cisco > IOS XE > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-12647 NULL Pointer Dereference vulnerability in Cisco IOS XE Fuji16.7.1/Fuji16.8.1
A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-476
7.5
2019-09-25 CVE-2019-12646 Improper Initialization vulnerability in Cisco IOS XE
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-665
7.5
2019-08-21 CVE-2019-12624 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2019-06-21 CVE-2019-1904 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE 16.1.3/16.2.1/16.3.1
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
2019-05-13 CVE-2019-1862 Improper Input Validation vulnerability in Cisco IOS XE 16.3.7
A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
network
low complexity
cisco CWE-20
7.2
2019-03-28 CVE-2019-1756 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
network
low complexity
cisco CWE-20
7.2
2019-03-28 CVE-2019-1755 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user.
network
low complexity
cisco CWE-20
7.2
2019-03-28 CVE-2019-1754 Improper Privilege Management vulnerability in Cisco IOS XE
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI.
network
low complexity
cisco CWE-269
8.8
2019-03-28 CVE-2019-1753 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI.
network
low complexity
cisco CWE-20
8.8
2019-03-28 CVE-2019-1752 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload.
network
low complexity
cisco CWE-20
7.5