Vulnerabilities > Cisco > IOS

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3426 Improper Input Validation vulnerability in Cisco IOS
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
9.1
2020-09-24 CVE-2020-3409 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device.
low complexity
cisco CWE-400
7.4
2020-09-24 CVE-2020-3408 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6
2020-09-23 CVE-2019-16009 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS
A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
2020-06-03 CVE-2020-3258 Unspecified vulnerability in Cisco IOS 15.8(3)M2/15.8(9)/15.9
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload.
network
low complexity
cisco
critical
9.8
2020-06-03 CVE-2020-3257 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.8(3.0Z)M1/15.9
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
low complexity
cisco CWE-119
8.1
2020-06-03 CVE-2020-3235 Improper Input Validation vulnerability in multiple products
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco oracle CWE-20
7.7
2020-06-03 CVE-2020-3234 Use of Hard-coded Credentials vulnerability in Cisco IOS
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials.
local
low complexity
cisco CWE-798
8.8
2020-06-03 CVE-2020-3231 Incorrect Authorization vulnerability in Cisco IOS
A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port.
low complexity
cisco CWE-863
4.7
2020-06-03 CVE-2020-3230 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations.
network
low complexity
cisco CWE-20
7.5