Vulnerabilities > Cisco > IOS XE > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3486 Improper Input Validation vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device.
low complexity
cisco CWE-20
6.5
2020-09-24 CVE-2020-3465 Unspecified vulnerability in Cisco IOS XE 16.6.9/17.4.1
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload.
low complexity
cisco
6.5
2020-09-24 CVE-2020-3429 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1S
A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-20
6.5
2020-09-24 CVE-2020-3428 Resource Exhaustion vulnerability in Cisco IOS XE
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-400
6.5
2020-09-24 CVE-2020-3423 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device.
local
low complexity
cisco CWE-119
6.7
2020-09-24 CVE-2020-3417 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust.
local
low complexity
cisco CWE-78
6.7
2020-09-24 CVE-2020-3416 Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust.
local
low complexity
cisco CWE-94
6.7
2020-09-24 CVE-2020-3418 Unspecified vulnerability in Cisco IOS XE 17.1.1
A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state.
low complexity
cisco
4.7
2020-06-03 CVE-2020-3223 Link Following vulnerability in Cisco IOS XE
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device.
network
low complexity
cisco CWE-59
4.9
2020-06-03 CVE-2020-3222 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device.
low complexity
cisco
4.3