Vulnerabilities > Cisco > IOS > 12.2.60.ez6

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-20186 Unspecified vulnerability in Cisco IOS
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks.
network
low complexity
cisco
critical
9.1
2022-10-10 CVE-2022-20920 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-755
7.7
2021-09-23 CVE-2021-34703 Improper Initialization vulnerability in Cisco IOS
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-665
6.5
2020-06-03 CVE-2020-3204 Improper Input Validation vulnerability in Cisco IOS
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.
local
low complexity
cisco CWE-20
7.2
2020-06-03 CVE-2020-3200 Interpretation Conflict vulnerability in Cisco IOS
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-436
6.8
2020-02-12 CVE-2011-4661 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.
network
cisco CWE-772
4.3
2019-09-25 CVE-2019-12655 Classic Buffer Overflow vulnerability in Cisco IOS
A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-120
7.8
2019-05-13 CVE-2019-1649 Improper Locking vulnerability in Cisco products
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.
local
low complexity
cisco CWE-667
6.7
2019-03-28 CVE-2019-1761 Improper Initialization vulnerability in Cisco IOS XE
A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device.
low complexity
cisco CWE-665
3.3
2019-03-27 CVE-2019-1737 Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device.
network
low complexity
cisco CWE-770
7.8