Vulnerabilities > Cisco > IOS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2021-1391 | Leftover Debug Code vulnerability in Cisco IOS and IOS XE A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. | 6.7 |
| 2021-03-24 | CVE-2021-1385 | Path Traversal vulnerability in Cisco IOS and IOS XE A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. | 6.5 |
| 2021-03-24 | CVE-2021-1377 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. | 5.8 |
| 2020-06-03 | CVE-2020-3257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.8(3.0Z)M1/15.9 Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | 4.8 |
| 2020-06-03 | CVE-2020-3235 | Improper Input Validation vulnerability in multiple products A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. | 6.3 |
| 2020-06-03 | CVE-2020-3230 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. | 5.0 |
| 2020-06-03 | CVE-2020-3201 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. | 4.9 |
| 2020-06-03 | CVE-2020-3200 | Interpretation Conflict vulnerability in Cisco IOS A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. | 6.8 |
| 2020-05-06 | CVE-2020-3315 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. | 5.3 |
| 2020-02-12 | CVE-2011-4661 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured. | 4.3 |