Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-3488 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1 Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. | 6.1 |
| 2020-09-24 | CVE-2020-3487 | Resource Exhaustion vulnerability in Cisco IOS XE Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. | 6.1 |
| 2020-09-24 | CVE-2020-3486 | Improper Input Validation vulnerability in Cisco IOS XE Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. | 6.1 |
| 2020-09-24 | CVE-2020-3465 | Unspecified vulnerability in Cisco IOS XE 16.6.9/17.4.1 A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. low complexity cisco | 6.5 |
| 2020-09-24 | CVE-2020-3429 | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1S A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. | 5.7 |
| 2020-09-24 | CVE-2020-3428 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2020-09-24 | CVE-2020-3423 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. | 6.7 |
| 2020-09-24 | CVE-2020-3417 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3416 | Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2 Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3400 | Missing Authorization vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. | 6.5 |