Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-20678 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XE
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-755
7.5
2022-04-15 CVE-2022-20679 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.7
2022-04-15 CVE-2022-20681 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device.
local
low complexity
cisco
7.8
2022-04-15 CVE-2022-20682 NULL Pointer Dereference vulnerability in Cisco IOS XE
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-476
8.6
2022-04-15 CVE-2022-20683 Out-of-bounds Write vulnerability in Cisco IOS XE
A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-787
8.6
2022-04-15 CVE-2022-20693 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
network
low complexity
cisco CWE-78
7.2
2022-04-15 CVE-2022-20697 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS and IOS XE
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-772
8.6
2022-04-15 CVE-2022-20714 Out-of-bounds Read vulnerability in Cisco IOS XR
A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset.
network
low complexity
cisco CWE-125
8.6
2022-04-15 CVE-2022-20716 Unspecified vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges.
local
low complexity
cisco
7.8
2022-04-15 CVE-2022-20718 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-78
7.2