cisco

IOS-XE Software

282 Versions 10 CVEs

Versions

Recent CVEs

CVE-2019-1762

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.

MEDIUM Mar 28, 2019

CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device.

MEDIUM Mar 28, 2019

CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

UNKNOWN Mar 28, 2019

CVE-2019-1752

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

HIGH Mar 28, 2019

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.

HIGH Mar 27, 2019

CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

HIGH Mar 27, 2019

CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.

HIGH Mar 27, 2019

IOS-XE Software

Versions

3.2.3SG

16.6.3

3.3.1SQ

16.9.1b

3.18.4SP

16.7.4

16.7.1b

3.16.8S

16.8.1s

3.16.10S

16.3.5b

16.8.1d

15.2(2)E6

16.6.4a

3.16.7S

3.2.6SG

16.6.4s

3.2.2SG

3.6.8E

16.7.1

3.16.7bS

16.9.1c

16.12.1

3.5.7SQ

16.3.6

3.2.8SG

3.18.3aSP

3.2.1SG

3.3.0SQ

3.2.10SG

3.18.5SP

3.2.7SG

3.10.1E

3.5.0SQ

3.5.4SQ

3.2.9SG

16.6.2

16.9.2a

3.10.2E

3.5.8SQ

3.2.0SG

16.3.5

3.13.10S

3.13.9S

3.10.1aE

3.5.2SQ

16.8.1b

16.8.1e

3.18.3SP

3.5.6SQ

16.9.1

3.18.3bSP

16.8.2

3.8.6E

16.7.1a

16.8.1

16.6.4

16.8.1a

3.2.4SG

16.3.7

3.2.11SG

16.9.1a

3.3.1SG

3.6.9E

3.6.9aE

3.6.10E

3.5.5SQ

3.5.3SQ

3.4.1SQ

16.7.2

3.3.0SG

3.2.5SG

16.9.2

3.4.0SQ

3.8.7E

16.9.2h

3.3.2SG

16.8.1c