Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-15370 Unspecified vulnerability in Cisco IOS ROM Monitor 15.1(2)Sy3
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device.
local
low complexity
cisco
4.6
2018-10-05 CVE-2018-15369 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.8
2018-10-05 CVE-2018-15368 OS Command Injection vulnerability in Cisco IOS XE 15.4(3)S
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.
local
low complexity
cisco CWE-78
7.2
2018-10-05 CVE-2018-0485 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
7.8
2018-10-05 CVE-2018-0481 OS Command Injection vulnerability in Cisco IOS XE 15.3(3)S3.16/16.7.1/16.7(1)
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
local
low complexity
cisco CWE-78
7.2
2018-10-05 CVE-2018-0480 Race Condition vulnerability in Cisco IOS XE 3.6(5)
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition.
5.7
2018-10-05 CVE-2018-0477 OS Command Injection vulnerability in Cisco IOS XE 15.3(3)S3.16/16.7.1/16.7(1)
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
local
low complexity
cisco CWE-78
7.2
2018-10-05 CVE-2018-0476 Unspecified vulnerability in Cisco IOS XE 15.5(3)S5.1/15.5(3)S6.1/16.6.2
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
cisco
7.1
2018-10-05 CVE-2018-0475 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-20
6.1
2018-10-05 CVE-2018-0473 Unspecified vulnerability in Cisco IOS 15.2(4)E/15.2(5)
A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol.
network
low complexity
cisco
5.0