IOS XE Cisco IOS XE Newer version of Cisco IOS Operating System built on linux.

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Cisco IOS XE.

Recent Cisco IOS XE Security Advisories

Advisory Title Published
2025-05-07 Cisco IOS XE Software Web-Based Management Interface Vulnerabilities May 7, 2025
2025-05-07 Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability May 7, 2025
2025-05-07 Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability May 7, 2025
2025-05-07 Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability May 7, 2025
2025-05-07 Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability May 7, 2025

By the Year

In 2025 there have been 1 vulnerability in Cisco IOS XE with an average score of 10.0 out of ten. Last year, in 2024 IOS XE had 17 security vulnerabilities published. Right now, IOS XE is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 2.19.




Year Vulnerabilities Average Score
2025 1 10.00
2024 17 7.81
2023 12 7.44
2022 20 7.04
2021 39 6.70
2020 30 7.28
2019 30 6.92
2018 44 7.22

It may take a day or so for new IOS XE vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cisco IOS XE Security Vulnerabilities

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could

CVE-2025-20188 10 - Critical - May 07, 2025

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Use of Hard-coded Credentials

Missing Authorization Vulnerability in Cisco IOS XE Software

CVE-2024-10575 9.8 - Critical - November 13, 2024

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

AuthZ

Service Library Access Control Bypass in Cisco IOS XE

CVE-2023-29122 - November 05, 2024

Under certain conditions, access to service libraries is granted to account they should not have access to.

Logo Module Out-of-Bounds Access in Cisco IOS XE

CVE-2024-51510 5.5 - Medium - November 05, 2024

Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory Corruption

A vulnerability in the web-based management interface of Cisco IOS XE Software could

CVE-2024-20437 8.8 - High - September 25, 2024

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

Session Riding

A vulnerability in the process

CVE-2024-20455 8.6 - High - September 25, 2024

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could

CVE-2024-20464 8.6 - High - September 25, 2024

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet.

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could

CVE-2024-20436 7.5 - High - September 25, 2024

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.

NULL Pointer Dereference

A vulnerability in Cisco IOS XE Software could

CVE-2024-20434 4.3 - Medium - September 25, 2024

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.

Integer Overflow or Wraparound

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could

CVE-2024-20467 8.6 - High - September 25, 2024

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition

CVE-2024-20480 8.6 - High - September 25, 2024

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

Always-Incorrect Control Flow Implementation

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could

CVE-2024-20510 9.3 - Critical - September 25, 2024

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.

AuthZ

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could

CVE-2024-20433 7.5 - High - September 25, 2024

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Memory Corruption

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could

CVE-2024-20414 6.5 - Medium - September 25, 2024

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.

Session Riding

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could

CVE-2024-20313 7.4 - High - April 24, 2024

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Classic Buffer Overflow

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could

CVE-2024-20308 7.5 - High - March 27, 2024

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could

CVE-2024-20312 - March 27, 2024

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency.

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could

CVE-2024-20259 8.6 - High - March 27, 2024

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.

Memory Corruption

Multiple Cisco products are affected by a vulnerability in Snort access control policies

CVE-2023-20246 5.3 - Medium - November 01, 2023

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.

A vulnerability in the web UI feature of Cisco IOS XE Software could

CVE-2023-20273 7.2 - High - October 25, 2023

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Shell injection

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software

CVE-2023-20198 10 - Critical - October 16, 2023

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

The HTTP/2 protocol

CVE-2023-44487 7.5 - High - October 10, 2023

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Resource Exhaustion

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could

CVE-2023-20109 6.6 - Medium - September 27, 2023

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.

Memory Corruption

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could

CVE-2023-20186 9.1 - Critical - September 27, 2023

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could

CVE-2023-20067 6.5 - Medium - March 23, 2023

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

Allocation of Resources Without Limits or Throttling

A vulnerability in Cisco access points (AP) software could

CVE-2023-20097 6.7 - Medium - March 23, 2023

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.

Command Injection

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could

CVE-2023-20072 8.6 - High - March 23, 2023

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could

CVE-2023-20080 7.5 - High - March 23, 2023

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.

out-of-bounds array index

A vulnerability in the management CLI of Cisco access point (AP) software could

CVE-2023-20056 5.5 - Medium - March 23, 2023

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition.

A vulnerability in the Cisco IOx application hosting environment could

CVE-2023-20076 8.8 - High - February 12, 2023

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Shell injection

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could

CVE-2022-20915 7.4 - High - October 10, 2022

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.

Interpretation Conflict

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could

CVE-2022-20920 7.7 - High - October 10, 2022

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

Improper Handling of Exceptional Conditions

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could

CVE-2022-20683 8.6 - High - April 15, 2022

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.

Memory Corruption

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could

CVE-2022-20679 7.7 - High - April 15, 2022

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit.

Improper Input Validation

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could

CVE-2022-20676 6.7 - Medium - April 15, 2022

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

Improper Input Validation

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20722 4.9 - Medium - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Directory traversal

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20721 4.9 - Medium - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Directory traversal

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20720 7.2 - High - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

insecure temporary file

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could

CVE-2022-20697 8.6 - High - April 15, 2022

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Missing Release of Resource after Effective Lifetime

A vulnerability in the web UI feature of Cisco IOS XE Software could

CVE-2022-20693 7.2 - High - April 15, 2022

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Shell injection

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could

CVE-2022-20681 7.8 - High - April 15, 2022

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device.

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20719 7.2 - High - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Directory traversal

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could

CVE-2022-20694 6.8 - Medium - April 15, 2022

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.

assertion failure

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20727 6.7 - Medium - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Directory traversal

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20724 5.3 - Medium - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Race Condition

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20723 7.2 - High - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Directory traversal

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could

CVE-2022-20682 8.6 - High - April 15, 2022

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

NULL Pointer Dereference

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could

CVE-2022-20684 6.5 - Medium - April 15, 2022

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Improper Input Validation

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could

CVE-2022-20718 7.2 - High - April 15, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Shell injection

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could

CVE-2022-20692 6.5 - Medium - April 15, 2022

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cisco IOS XE or by Cisco? Click the Watch button to subscribe.

Cisco
Vendor

Cisco IOS XE
Newer version of Cisco IOS Operating System built on linux.

subscribe