Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3409 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device.
low complexity
cisco CWE-400
7.4
2020-09-24 CVE-2020-3408 Resource Exhaustion vulnerability in Cisco IOS and IOS XE
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6
2020-09-24 CVE-2020-3407 NULL Pointer Dereference vulnerability in Cisco IOS XE 15.8(3)M3
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload.
network
low complexity
cisco CWE-476
8.6
2020-09-24 CVE-2020-3404 Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges.
local
low complexity
cisco CWE-863
7.8
2020-09-24 CVE-2020-3403 OS Command Injection vulnerability in Cisco IOS XE 17.2.1
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device.
local
low complexity
cisco CWE-78
7.8
2020-09-24 CVE-2020-3400 Missing Authorization vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests.
network
low complexity
cisco CWE-862
8.8
2020-09-24 CVE-2020-3399 Out-of-bounds Read vulnerability in Cisco IOS XE 16.12/16.12.1S/16.12.2
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device.
network
low complexity
cisco CWE-125
8.6
2020-09-24 CVE-2020-3393 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device.
local
low complexity
cisco CWE-20
7.8
2020-09-24 CVE-2020-3390 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device.
low complexity
cisco CWE-20
7.4
2020-09-24 CVE-2020-3359 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6