Vulnerabilities > Cisco > IOS XE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-20235 | Improper Privilege Management vulnerability in Cisco IOS XE A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. | 8.8 |
| 2023-09-27 | CVE-2023-20033 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. | 8.6 |
| 2023-09-27 | CVE-2023-20187 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
| 2023-09-27 | CVE-2023-20226 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. | 7.5 |
| 2023-09-27 | CVE-2023-20227 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. | 7.5 |
| 2023-09-27 | CVE-2023-20231 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. | 8.8 |
| 2023-03-23 | CVE-2023-20027 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2023-03-23 | CVE-2023-20029 | Unspecified vulnerability in Cisco IOS XE 17.7.1/17.8.1 A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. | 7.8 |
| 2023-03-23 | CVE-2023-20065 | Unspecified vulnerability in Cisco IOS XE 17.11.1/17.6.3 A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2023-03-23 | CVE-2023-20072 | Unspecified vulnerability in Cisco IOS XE 17.9.1/17.9.1A/17.9.1W A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. | 8.6 |