Vulnerabilities > Cisco > IOS

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-34714 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.
low complexity
cisco CWE-20
7.4
2021-03-24 CVE-2021-1460 Unspecified vulnerability in Cisco products
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5
2021-03-24 CVE-2021-1392 Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
local
low complexity
cisco CWE-522
7.8
2021-03-24 CVE-2021-1391 Unspecified vulnerability in Cisco IOS and IOS XE
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege.
local
low complexity
cisco
6.7
2021-03-24 CVE-2021-1385 Path Traversal vulnerability in Cisco IOS and IOS XE
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.
network
low complexity
cisco CWE-22
6.5
2021-03-24 CVE-2021-1377 Unspecified vulnerability in Cisco IOS and IOS XE
A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets.
network
low complexity
cisco
5.8
2020-09-24 CVE-2020-3479 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-09-24 CVE-2020-3477 Incorrect Authorization vulnerability in Cisco IOS 16.3.11
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem.
local
low complexity
cisco CWE-863
5.5
2020-09-24 CVE-2020-3476 Files or Directories Accessible to External Parties vulnerability in Cisco IOS 16.10.1/16.9
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system.
local
low complexity
cisco CWE-552
6.0
2020-09-24 CVE-2020-3475 Improper Input Validation vulnerability in Cisco IOS
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.1