Vulnerabilities > Cisco > IOS XE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-3489 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. | 7.4 |
| 2020-09-24 | CVE-2020-3488 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. | 7.4 |
| 2020-09-24 | CVE-2020-3480 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. | 8.6 |
| 2020-09-24 | CVE-2020-3479 | Resource Exhaustion vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2020-09-24 | CVE-2020-3474 | Incorrect Authorization vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. | 8.1 |
| 2020-09-24 | CVE-2020-3425 | Unspecified vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. | 8.8 |
| 2020-09-24 | CVE-2020-3422 | Unspecified vulnerability in Cisco IOS XE 16.9.3 A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. | 7.5 |
| 2020-09-24 | CVE-2020-3421 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE 16.9.3/17.2 Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. | 7.5 |
| 2020-09-24 | CVE-2020-3414 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-09-24 | CVE-2020-3409 | Resource Exhaustion vulnerability in Cisco IOS and IOS XE A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. | 7.4 |