Vulnerabilities > Cisco > IOS

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-3228 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2020-06-03 CVE-2020-3226 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2020-06-03 CVE-2020-3225 Improper Input Validation vulnerability in Cisco IOS and IOS XE
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2020-06-03 CVE-2020-3217 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-20
8.8
2020-06-03 CVE-2020-3210 OS Command Injection vulnerability in Cisco IOS
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.
local
low complexity
cisco CWE-78
6.7
2020-06-03 CVE-2020-3208 Unspecified vulnerability in Cisco IOS
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device.
local
low complexity
cisco
6.7
2020-06-03 CVE-2020-3205 OS Command Injection vulnerability in Cisco IOS
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.
low complexity
cisco CWE-78
8.8
2020-06-03 CVE-2020-3204 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.
local
low complexity
cisco CWE-20
6.7
2020-06-03 CVE-2020-3201 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system.
local
low complexity
cisco CWE-20
6.0
2020-06-03 CVE-2020-3200 Interpretation Conflict vulnerability in Cisco IOS and IOS XE
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-436
7.7