Vulnerabilities > Cisco > IOS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-20186 | Unspecified vulnerability in Cisco IOS A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. | 9.1 |
| 2020-09-24 | CVE-2020-3426 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. | 9.1 |
| 2020-06-03 | CVE-2020-3198 | Out-of-bounds Write vulnerability in Cisco IOS Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. | 9.8 |
| 2020-06-03 | CVE-2020-3258 | Unspecified vulnerability in Cisco IOS 15.8(3)M2/15.8(9)/15.9 Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. | 9.8 |
| 2018-03-28 | CVE-2018-0171 | Out-of-bounds Write vulnerability in Cisco IOS 15.2(5)E A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. | 9.8 |
| 2017-09-29 | CVE-2017-12240 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. | 9.8 |
| 2017-03-17 | CVE-2017-3881 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. | 9.8 |