Vulnerabilities > Cisco > IOS

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-6736 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
network
low complexity
cisco CWE-119
8.8
2017-05-03 CVE-2017-6624 Improper Authentication vulnerability in Cisco IOS 15.5(3)M
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls.
network
low complexity
cisco CWE-287
5.3
2017-04-20 CVE-2017-3863 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS and IOS XE
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
8.6
2017-04-20 CVE-2017-3862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS and IOS XE
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
8.6
2017-04-20 CVE-2017-3861 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS and IOS XE
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
8.6
2017-04-20 CVE-2017-3860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS and IOS XE
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
8.6
2017-03-22 CVE-2017-3864 Unspecified vulnerability in Cisco IOS
A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco
8.6
2017-03-22 CVE-2017-3857 Resource Exhaustion vulnerability in Cisco IOS
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-400
7.5
2017-03-21 CVE-2017-3850 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
high complexity
cisco CWE-20
5.9
2017-03-21 CVE-2017-3849 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
low complexity
cisco CWE-20
7.4