Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-20870 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
8.6
2022-10-10 CVE-2022-20915 Interpretation Conflict vulnerability in Cisco IOS XE
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-436
7.4
2022-10-10 CVE-2022-20920 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS and IOS XE
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-755
7.7
2022-09-30 CVE-2022-20775 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
local
low complexity
cisco CWE-22
7.8
2022-09-30 CVE-2022-20818 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
local
low complexity
cisco CWE-22
7.8
2022-09-30 CVE-2022-20847 Resource Exhaustion vulnerability in Cisco IOS XE 17.3.3
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2022-09-30 CVE-2022-20848 Resource Exhaustion vulnerability in Cisco IOS XE 17.6.1/17.6.3/17.9.1
A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2022-09-30 CVE-2022-20850 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.
local
low complexity
cisco CWE-20
7.1
2022-09-30 CVE-2022-20851 OS Command Injection vulnerability in Cisco IOS XE 17.6.1
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
network
low complexity
cisco CWE-78
7.2
2022-09-30 CVE-2022-20856 Unspecified vulnerability in Cisco IOS XE 17.3.4C
A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5