Vulnerabilities > Cisco > IOS > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-20433 Out-of-bounds Write vulnerability in Cisco IOS
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets.
network
low complexity
cisco CWE-787
7.5
2023-03-23 CVE-2023-20080 Improper Validation of Array Index vulnerability in Cisco IOS and IOS XE
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-129
7.5
2022-10-10 CVE-2022-20920 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-755
7.7
2022-04-15 CVE-2022-20697 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS and IOS XE
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-772
8.6
2022-04-15 CVE-2022-20726 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-755
7.5
2021-09-23 CVE-2021-1620 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool.
network
low complexity
cisco CWE-772
7.7
2021-09-23 CVE-2021-34699 Interpretation Conflict vulnerability in Cisco IOS and IOS XE
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-436
7.7
2021-09-23 CVE-2021-34714 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.
low complexity
cisco CWE-20
7.4
2021-03-24 CVE-2021-1460 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-400
7.5
2021-03-24 CVE-2021-1392 Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
local
low complexity
cisco CWE-522
7.8