Action Required to Secure the Cisco IOS and IOS XE Smart...

In recent weeks, Cisco has published several documents related to the Smart Install feature: one Talos blog about potential misuse of the feature if left enabled, and two Cisco Security Advisories that were included in the March 2018 release of the...

Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service...

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists w...

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The v...

Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap...

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...

Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. For more inf...

Cisco IOS XE Software CLI Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlyin...

Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected so...

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of...

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utiliza...

Cisco IOS Software Integrated Services Module for VPN Denial of Service...

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte...

Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery...

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of servic...

Cisco IOS XE Software Switch Integrated Security Features IPv6 Denial of...

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets.

An attac...

Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of...

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper managem...