Vulnerabilities > Cisco > IOS XE > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-24 CVE-2021-1442 Unspecified vulnerability in Cisco IOS XE
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device.
local
low complexity
cisco
7.8
2021-03-24 CVE-2021-1435 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user.
network
low complexity
cisco
7.2
2021-03-24 CVE-2021-1433 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device.
network
high complexity
cisco
8.1
2021-03-24 CVE-2021-1432 Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user.
local
low complexity
cisco CWE-74
7.3
2021-03-24 CVE-2021-1431 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2021-03-24 CVE-2021-1403 Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-1021
7.4
2021-03-24 CVE-2021-1392 Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
local
low complexity
cisco CWE-522
7.8
2021-03-24 CVE-2021-1384 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user.
network
low complexity
cisco CWE-78
7.2
2021-01-13 CVE-2021-1223 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.
network
low complexity
cisco snort
7.5
2020-11-06 CVE-2020-3444 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters.
network
low complexity
cisco
7.5