Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-20187 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20223 Unspecified vulnerability in Cisco DNA Center
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests.
network
low complexity
cisco
8.2
2023-09-27 CVE-2023-20226 Unspecified vulnerability in Cisco IOS XE
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20227 Unspecified vulnerability in Cisco IOS XE
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets.
network
low complexity
cisco
7.5
2023-09-27 CVE-2023-20231 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-20
8.8
2023-09-27 CVE-2023-20254 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco SD-WAN Manager
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance.
network
low complexity
cisco CWE-732
8.8
2023-09-27 CVE-2023-20262 Unspecified vulnerability in Cisco Catalyst SD-WAN Manager and SD-WAN vManage
A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only.
network
low complexity
cisco
7.5
2023-09-13 CVE-2023-20135 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cisco IOS XR
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image.
local
high complexity
cisco CWE-367
7.0
2023-09-13 CVE-2023-20191 Incorrect Authorization vulnerability in Cisco IOS XR
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature.
network
low complexity
cisco CWE-863
7.5
2023-09-13 CVE-2023-20236 Insufficient Verification of Data Authenticity vulnerability in Cisco IOS XR
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification.
local
low complexity
cisco CWE-345
7.8