Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-3404 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. | 7.8 |
| 2020-09-24 | CVE-2020-3403 | OS Command Injection vulnerability in Cisco IOS XE 17.2.1 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. | 7.8 |
| 2020-09-24 | CVE-2020-3399 | Out-of-bounds Read vulnerability in Cisco IOS XE 16.12/16.12.1S/16.12.2 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. | 8.6 |
| 2020-09-24 | CVE-2020-3393 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2020-09-24 | CVE-2020-3359 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.8 |
| 2020-09-24 | CVE-2020-3141 | Unspecified vulnerability in Cisco IOS XE Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. | 8.8 |
| 2020-09-24 | CVE-2020-3559 | Resource Exhaustion vulnerability in Cisco products A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
| 2020-09-24 | CVE-2020-3508 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. | 7.4 |
| 2020-09-24 | CVE-2020-3396 | Improper Privilege Management vulnerability in Cisco IOS XE 16.12.1 A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. | 7.2 |
| 2020-09-23 | CVE-2019-15992 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. | 7.2 |