| 2021-03-24 | CVE-2021-1374 | A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability... | Ios_xe | 4.8 |
| 2021-03-24 | CVE-2021-1375 | Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these... | Ios_xe | 6.7 |
| 2021-03-24 | CVE-2021-1376 | Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these... | Ios_xe | 6.7 |
| 2021-03-24 | CVE-2021-1381 | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. | Ios_xe | 6.1 |
| 2021-04-29 | CVE-2021-1495 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | Firepower_threat_defense, Ios_xe, Snort | 5.3 |
| 2021-09-23 | CVE-2021-34705 | A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A... | Ios, Ios_xe | 5.3 |
| 2021-09-23 | CVE-2021-34714 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow... | Firepower_extensible_operating_system, Fxos, Ios, Ios_xe, Ios_xr, Nx-Os | 7.4 |
| 2021-09-23 | CVE-2021-1619 | A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: install, manipulate, or delete the configuration of an affected device; cause memory corruption that results in a denial of service (DoS) on an affected device. This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by... | Ios_xe, Ios_xe_sd-Wan | 9.1 |
| 2021-09-23 | CVE-2021-34699 | A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | Ios, Ios_xe | 7.7 |
| 2021-09-23 | CVE-2021-1565 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A... | Catalyst_9800_firmware, Embedded_wireless_controller, Ios_xe | 8.6 |