Note: This project will be discontinued after December 13, 2021.
Product: Ios_xe (Cisco)

Repositories | Unknown: This might be proprietary software.
#Vulnerabilities | 519

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-09-25 | CVE-2019-12662 | A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on... | Ios_xe, Nexus_3016_firmware, Nexus_3048_firmware, Nexus_3064\-T_firmware, Nexus_3064_firmware, Nexus_31108pc\-V_firmware, Nexus_31108tc\-V_firmware, Nexus_31128pq_firmware, Nexus_3132c\-Z_firmware, Nexus_3132q\-V_firmware, Nexus_3132q\-Xl_firmware, Nexus_3132q_firmware, Nexus_3164q_firmware, Nexus_3172_firmware, Nexus_3172pq\-Xl_firmware, Nexus_3172tq\-32t_firmware, Nexus_3172tq\-Xl_firmware, Nexus_3172tq_firmware, Nexus_3232c_firmware, Nexus_3264c\-E_firmware, Nexus_3264q_firmware, Nexus_3408\-S_firmware, Nexus_34180yc_firmware, Nexus_34200yc\-Sm_firmware, Nexus_3432d\-S_firmware, Nexus_3464c_firmware, Nexus_3524\-X_firmware, Nexus_3524\-Xl_firmware, Nexus_3524_firmware, Nexus_3548\-X_firmware, Nexus_3548\-Xl_firmware, Nexus_3548_firmware, Nexus_5548p_firmware, Nexus_5548up_firmware, Nexus_5596t_firmware, Nexus_5596up_firmware, Nexus_56128p_firmware, Nexus_5624q_firmware, Nexus_5648q_firmware, Nexus_5672up_firmware, Nexus_5696q_firmware, Nexus_6001_firmware, Nexus_6004_firmware, Nexus_7000_10\-Slot_firmware, Nexus_7000_18\-Slot_firmware, Nexus_7000_4\-Slot_firmware, Nexus_7000_9\-Slot_firmware, Nexus_7700_10\-Slot_firmware, Nexus_7700_18\-Slot_firmware, Nexus_7700_2\-Slot_firmware, Nexus_7700_6\-Slot_firmware, Nx\-Os | N/A | ||
2019-09-25 | CVE-2019-12661 | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input... | Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12660 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of... | Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12659 | A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. | Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12658 | A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit... | Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12653 | A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw... | Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12649 | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of... | Ios, Ios_xe | N/A | ||
2019-09-25 | CVE-2019-12647 | A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the... | Ios_xe | N/A | ||
2017-08-07 | CVE-2017-6664 | A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco... | Ios_xe | 7.5 | ||
2017-04-20 | CVE-2017-6615 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device... | Ios_xe | 6.3 | ||