CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
91 results · Page 3/4
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Cisco · IOS, XR, and XE Software
Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
Cisco · IOS XE Software
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Cisco · IOS, XR, and XE Software
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software Resource Management Errors Vulnerability
Cisco · IOS Software
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
Cisco · IOS Software and Cisco IOS XE Software
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
Cisco · IOS Software and Cisco IOS XE Software
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
Cisco · IOS Software and Cisco IOS XE Software
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
Cisco · Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
Cisco · IOS Software
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software SNMP Remote Code Execution Vulnerability
Cisco · IOS software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
Cisco · IOS XE Software
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
Cisco · IOS and IOS XE Software
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.
Required Action
Apply updates per vendor instructions.
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
Cisco · Catalyst 6800 Series Switches
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
Cisco · IOS and IOS XE Software
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.
Required Action
Apply updates per vendor instructions.