Vulnerabilities > Cisco > IOS

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-3199 Unspecified vulnerability in Cisco IOS
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
low complexity
cisco
8.8
2020-06-03 CVE-2020-3198 Out-of-bounds Write vulnerability in Cisco IOS
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload.
network
low complexity
cisco CWE-787
critical
9.8
2020-05-06 CVE-2020-3315 Exposure of Resource to Wrong Sphere vulnerability in Cisco Firepower Threat Defense
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.
network
low complexity
cisco CWE-668
5.3
2020-02-12 CVE-2011-4661 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.
network
low complexity
cisco CWE-772
7.5
2019-09-25 CVE-2019-12672 Link Following vulnerability in Cisco IOS 16.9.1
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges.
low complexity
cisco CWE-59
6.8
2019-09-25 CVE-2019-12670 Incorrect Default Permissions vulnerability in Cisco IOS 16.10.1
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device.
local
low complexity
cisco CWE-276
6.7
2019-09-25 CVE-2019-12669 Unspecified vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1
A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5
2019-09-25 CVE-2019-12668 Cross-site Scripting vulnerability in Cisco IOS and IOS XE
A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter.
network
low complexity
cisco CWE-79
4.8
2019-09-25 CVE-2019-12665 Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel.
network
high complexity
cisco
7.4
2019-09-25 CVE-2019-12656 Unspecified vulnerability in Cisco products
A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5