Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-3217 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 8.3 |
| 2020-06-03 | CVE-2020-3216 | Improper Authentication vulnerability in Cisco IOS XE Sd-Wan A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3215 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3213 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. | 7.2 |
| 2020-06-03 | CVE-2020-3210 | OS Command Injection vulnerability in Cisco IOS A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3209 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3208 | Unspecified vulnerability in Cisco IOS A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3207 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. | 7.2 |
| 2020-06-03 | CVE-2020-3205 | OS Command Injection vulnerability in Cisco IOS A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. | 8.3 |
| 2020-06-03 | CVE-2020-3204 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. | 7.2 |