Vulnerabilities > Cisco > IOS XE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-27 | CVE-2019-1737 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. | 8.6 |
| 2018-10-05 | CVE-2018-15373 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-15372 | Unspecified vulnerability in Cisco IOS XE 16.8.1/16.9.1 A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. low complexity cisco | 8.1 |
| 2018-10-05 | CVE-2018-0485 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. | 8.6 |
| 2018-10-05 | CVE-2018-0475 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. | 7.4 |
| 2018-10-05 | CVE-2018-0472 | Improper Input Validation vulnerability in Cisco IOS XE 15.5(3)S5.36/16.8.1 A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. | 8.6 |
| 2018-10-05 | CVE-2018-0471 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XE 16.6.1/16.6.2 A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-0470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.2.0/16.3(1) A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-10-05 | CVE-2018-0467 | Improper Input Validation vulnerability in Cisco IOS XE 15.6(2)Sp/16.6.1/Everest16.6.1 A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 8.6 |
| 2018-04-02 | CVE-2018-0194 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. | 7.8 |