Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15375 | Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-15373 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-15372 | Unspecified vulnerability in Cisco IOS XE 16.8.1/16.9.1 A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. low complexity cisco | 8.1 |
| 2018-10-05 | CVE-2018-15371 | Improper Authentication vulnerability in Cisco IOS XE 16.3(1) A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | 6.7 |
| 2018-10-05 | CVE-2018-15370 | Unspecified vulnerability in Cisco IOS ROM Monitor 15.1(2)Sy3 A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. low complexity cisco | 6.8 |
| 2018-10-05 | CVE-2018-15369 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 6.8 |
| 2018-10-05 | CVE-2018-15368 | OS Command Injection vulnerability in Cisco IOS XE 15.4(3)S A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. | 6.7 |
| 2018-10-05 | CVE-2018-0485 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. | 8.6 |
| 2018-10-05 | CVE-2018-0481 | OS Command Injection vulnerability in Cisco IOS XE 15.3(3)S3.16/16.7.1/16.7(1) A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 6.7 |