Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3489 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device.
low complexity
cisco CWE-20
7.4
2020-09-24 CVE-2020-3488 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device.
low complexity
cisco CWE-20
7.4
2020-09-24 CVE-2020-3480 Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall.
network
low complexity
cisco CWE-754
8.6
2020-09-24 CVE-2020-3479 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-09-24 CVE-2020-3475 Improper Input Validation vulnerability in Cisco IOS
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.1
2020-09-24 CVE-2020-3474 Incorrect Authorization vulnerability in Cisco IOS XE
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-863
8.1
2020-09-24 CVE-2020-3425 Unspecified vulnerability in Cisco IOS XE
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device.
network
low complexity
cisco
8.8
2020-09-24 CVE-2020-3422 Unspecified vulnerability in Cisco IOS XE 16.9.3
A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2020-09-24 CVE-2020-3421 Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE 16.9.3/17.2
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall.
network
low complexity
cisco CWE-754
7.5
2020-09-24 CVE-2020-3414 Resource Exhaustion vulnerability in Cisco IOS XE
A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6