Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-28 CVE-2018-0173 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2018-03-28 CVE-2018-0172 Out-of-bounds Write vulnerability in Cisco IOS and IOS XE
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
8.6
2018-03-28 CVE-2018-0170 Use After Free vulnerability in Cisco IOS XE 16.4.1
A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software.
network
low complexity
cisco CWE-416
7.5
2018-03-28 CVE-2018-0169 OS Command Injection vulnerability in Cisco IOS 15.0(5.59)Emd
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.
local
low complexity
cisco CWE-78
7.8
2018-03-28 CVE-2018-0167 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Ios, IOS XE and IOS XR
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
low complexity
cisco CWE-119
8.8
2018-03-28 CVE-2018-0165 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XE 15.2(3)E/Denali16.3.3
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak.
low complexity
cisco CWE-772
7.4
2018-03-28 CVE-2018-0164 Unspecified vulnerability in Cisco IOS XE 15.6(2)Sp
A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge.
network
low complexity
cisco
8.6
2018-03-28 CVE-2018-0159 Unspecified vulnerability in Cisco IOS and IOS XE
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2018-03-28 CVE-2018-0158 Memory Leak vulnerability in Cisco IOS and IOS XE
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.
network
low complexity
cisco CWE-401
8.6
2018-03-28 CVE-2018-0157 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload.
network
low complexity
cisco
8.6