Vulnerabilities > Cisco > IOS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-3208 | Unspecified vulnerability in Cisco IOS A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3205 | OS Command Injection vulnerability in Cisco IOS A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. | 8.3 |
| 2020-06-03 | CVE-2020-3204 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. | 7.2 |
| 2020-06-03 | CVE-2020-3199 | Unspecified vulnerability in Cisco IOS Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. low complexity cisco | 8.3 |
| 2019-09-25 | CVE-2019-12672 | Link Following vulnerability in Cisco IOS 16.9.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. | 7.2 |
| 2019-09-25 | CVE-2019-12669 | Improper Input Validation vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1 A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2019-09-25 | CVE-2019-12655 | Classic Buffer Overflow vulnerability in Cisco IOS A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
| 2019-09-25 | CVE-2019-12652 | Resource Exhaustion vulnerability in Cisco IOS 15.2(3)E1/15.2(4)E3 A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2019-09-25 | CVE-2019-12650 | OS Command Injection vulnerability in Cisco IOS and IOS XE Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. | 8.8 |
| 2019-09-25 | CVE-2019-12649 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 7.2 |