Every CVE whose affected-product data names Cisco Ios, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-1999-0775 — CVSS 10.0 (critical): Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the…
CVE-2010-0580 — CVSS 10.0 (critical): Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a…
CVE-2010-1574 — CVSS 10.0 (critical): IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and…
CVE-2011-0935 — CVSS 10.0 (critical): The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers…
CVE-2002-1357 — CVSS 10.0 (critical): Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote…
CVE-2002-1358 — CVSS 10.0 (critical): Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a…
CVE-2002-1359 — CVSS 10.0 (critical): Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial…
CVE-2010-0581 — CVSS 10.0 (critical): Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a…
CVE-2002-1360 — CVSS 10.0 (critical): Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a…
CVE-2006-4950 — CVSS 10.0 (critical): Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog…
CVE-2011-3271 — CVSS 10.0 (critical): Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code…
CVE-2020-3258 — CVSS 9.8 (critical): Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco…
CVE-2020-3198 — CVSS 9.8 (critical): Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco…
CVE-2005-3481 — CVSS 9.3 (critical): Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this…
CVE-2007-4286 — CVSS 9.3 (critical): Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a…
CVE-2007-4292 — CVSS 9.3 (critical): Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP…
CVE-2008-4128 — CVSS 9.3 (critical): Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated…
CVE-2008-3807 — CVSS 9.3 (critical): Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with…
CVE-2006-3291 — CVSS 9.3 (critical): The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures…
CVE-2011-4012 — CVSS 9.3 (critical): Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an…
CVE-2015-6280 — CVSS 9.3 (critical): The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S…
CVE-2007-5381 — CVSS 9.3 (critical): Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote…
CVE-2003-1398 — CVSS 9.3 (critical): Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a…
CVE-2007-5552 — CVSS 9.3 (critical): Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only…
CVE-2001-0537 — CVSS 9.3 (critical): HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization…
CVE-2007-2586 — CVSS 9.3 (critical): The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute…
CVE-2015-0635 — CVSS 9.0 (critical): The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through…
CVE-2007-4285 — CVSS 9.0 (critical): Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows…
CVE-2025-20363 — CVSS 9.0 (critical): A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat…
CVE-2019-12650 — CVSS 8.8 (high): Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to…
CVE-2019-16009 — CVSS 8.8 (high): A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a…
CVE-2020-3199 — CVSS 8.8 (high): Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial…
CVE-2020-3205 — CVSS 8.8 (high): A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services…
CVE-2020-3234 — CVSS 8.8 (high): A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers…
CVE-2020-3217 — CVSS 8.8 (high): A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS…
CVE-2018-0255 — CVSS 8.8 (high): A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker…
CVE-2019-12648 — CVSS 8.8 (high): A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain…
CVE-2019-12651 — CVSS 8.8 (high): Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to…
CVE-2020-3225 — CVSS 8.6 (high): Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE…
CVE-2017-3861 — CVSS 8.6 (high): Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow…
CVE-2017-3862 — CVSS 8.6 (high): Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow…
CVE-2017-3863 — CVSS 8.6 (high): Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow…
CVE-2017-3864 — CVSS 8.6 (high): A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could…
CVE-2025-20154 — CVSS 8.6 (high): A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could…
CVE-2024-20433 — CVSS 8.6 (high): A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an…
CVE-2024-20311 — CVSS 8.6 (high): A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an…
CVE-2024-20308 — CVSS 8.6 (high): A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote…
CVE-2018-0473 — CVSS 8.6 (high): A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to…
CVE-2018-0485 — CVSS 8.6 (high): A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated…
CVE-2018-15377 — CVSS 8.6 (high): A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and…
CVE-2023-20080 — CVSS 8.6 (high): A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an…
CVE-2022-20697 — CVSS 8.6 (high): A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker…
CVE-2019-1737 — CVSS 8.6 (high): A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow…
CVE-2019-1740 — CVSS 8.6 (high): A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an…
CVE-2017-3860 — CVSS 8.6 (high): Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow…
CVE-2020-3408 — CVSS 8.6 (high): A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
CVE-2019-1747 — CVSS 8.6 (high): A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE…
CVE-2020-3228 — CVSS 8.6 (high): A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could…
CVE-2019-1751 — CVSS 8.6 (high): A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote…
CVE-2020-3226 — CVSS 8.6 (high): A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an…
CVE-2007-4263 — CVSS 8.5 (high): Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated…
CVE-2008-3806 — CVSS 8.5 (high): Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8…
CVE-2008-3805 — CVSS 8.5 (high): Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8…
CVE-2020-3257 — CVSS 8.1 (high): Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial…
CVE-2016-6380 — CVSS 8.1 (high): The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain…
CVE-2023-20186 — CVSS 8.0 (high): A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could…
CVE-2013-5475 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device…
CVE-2016-6414 — CVSS 7.8 (high): iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux…
CVE-2002-2208 — CVSS 7.8 (high): Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote…
CVE-2002-2239 — CVSS 7.8 (high): The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote…
CVE-2002-2315 — CVSS 7.8 (high): Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service…
CVE-2003-0567 — CVSS 7.8 (high): Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence…
CVE-2021-1392 — CVSS 7.8 (high): A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to…
CVE-2005-4258 — CVSS 7.8 (high): Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same…
CVE-2006-4774 — CVSS 7.8 (high): The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP…
CVE-2006-4775 — CVSS 7.8 (high): The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a…
CVE-2007-0648 — CVSS 7.8 (high): Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured…
CVE-2007-2688 — CVSS 7.8 (high): The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width…
CVE-2008-1152 — CVSS 7.8 (high): The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device…
CVE-2008-2739 — CVSS 7.8 (high): The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a…
CVE-2008-3798 — CVSS 7.8 (high): Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs…
CVE-2008-3799 — CVSS 7.8 (high): Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote…
CVE-2008-3808 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted…
CVE-2008-3810 — CVSS 7.8 (high): Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a…
CVE-2008-3811 — CVSS 7.8 (high): Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a…
CVE-2008-3813 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a…
CVE-2009-0626 — CVSS 7.8 (high): The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a…
CVE-2009-0631 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2)…
CVE-2009-0636 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of…
CVE-2009-2051 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2009-2866 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted…
CVE-2009-2867 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP…
CVE-2009-2868 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers…
CVE-2009-2870 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers…
CVE-2009-2871 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows…
CVE-2009-5038 — CVSS 7.8 (high): Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote…
CVE-2010-0576 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when…
CVE-2010-0578 — CVSS 7.8 (high): The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial…
CVE-2010-0579 — CVSS 7.8 (high): The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP…
CVE-2010-0582 — CVSS 7.8 (high): Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via…
CVE-2010-0583 — CVSS 7.8 (high): Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a…
CVE-2010-0584 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of…
CVE-2010-0585 — CVSS 7.8 (high): Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony…
CVE-2010-0586 — CVSS 7.8 (high): Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony…
CVE-2010-2827 — CVSS 7.8 (high): Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets…
CVE-2010-2828 — CVSS 7.8 (high): Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2…
CVE-2010-2829 — CVSS 7.8 (high): Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2…
CVE-2010-2831 — CVSS 7.8 (high): Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to…
CVE-2010-2832 — CVSS 7.8 (high): Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers…
CVE-2010-2833 — CVSS 7.8 (high): Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote…
CVE-2010-2834 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2010-2835 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2010-2836 — CVSS 7.8 (high): Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to…
CVE-2010-4671 — CVSS 7.8 (high): The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a…
CVE-2010-4683 — CVSS 7.8 (high): Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a…
CVE-2010-4686 — CVSS 7.8 (high): CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a…
CVE-2011-0349 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2)…
CVE-2011-0350 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2)…
CVE-2011-0939 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of…
CVE-2011-0941 — CVSS 7.8 (high): Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5…
CVE-2011-0944 — CVSS 7.8 (high): Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID…
CVE-2011-0945 — CVSS 7.8 (high): Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before…
CVE-2011-0946 — CVSS 7.8 (high): The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial…
CVE-2011-1624 — CVSS 7.8 (high): Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by…
CVE-2011-2064 — CVSS 7.8 (high): Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a…
CVE-2011-2072 — CVSS 7.8 (high): Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and…
CVE-2011-2578 — CVSS 7.8 (high): Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets…
CVE-2011-3270 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote…
CVE-2011-3272 — CVSS 7.8 (high): The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a…
CVE-2011-3273 — CVSS 7.8 (high): Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a…
CVE-2011-3275 — CVSS 7.8 (high): Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory…
CVE-2011-3276 — CVSS 7.8 (high): Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote…
CVE-2011-3277 — CVSS 7.8 (high): Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote…
CVE-2011-3278 — CVSS 7.8 (high): Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote…
CVE-2011-3279 — CVSS 7.8 (high): The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers…
CVE-2011-3281 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows…
CVE-2011-3282 — CVSS 7.8 (high): Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is…
CVE-2012-0383 — CVSS 7.8 (high): Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption…
CVE-2012-0385 — CVSS 7.8 (high): The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by…
CVE-2012-0386 — CVSS 7.8 (high): The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before…
CVE-2012-0387 — CVSS 7.8 (high): Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote…
CVE-2012-0388 — CVSS 7.8 (high): Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to…
CVE-2012-1310 — CVSS 7.8 (high): Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory…
CVE-2012-1311 — CVSS 7.8 (high): The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows…
CVE-2012-1314 — CVSS 7.8 (high): The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device…
CVE-2012-1315 — CVSS 7.8 (high): Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to…
CVE-2012-1350 — CVSS 7.8 (high): Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang)…
CVE-2012-3079 — CVSS 7.8 (high): Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID…
CVE-2012-3949 — CVSS 7.8 (high): The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before…
CVE-2012-4618 — CVSS 7.8 (high): The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of…
CVE-2012-4619 — CVSS 7.8 (high): The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload)…
CVE-2012-4620 — CVSS 7.8 (high): Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a…
CVE-2012-4621 — CVSS 7.8 (high): The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP…
CVE-2012-4623 — CVSS 7.8 (high): The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and…
CVE-2018-0169 — CVSS 7.8 (high): Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the…
CVE-2013-1142 — CVSS 7.8 (high): Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial…
CVE-2013-1144 — CVSS 7.8 (high): Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via…
CVE-2013-1145 — CVSS 7.8 (high): Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled…
CVE-2013-1146 — CVSS 7.8 (high): The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a…
CVE-2013-1147 — CVSS 7.8 (high): The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a…
CVE-2013-1148 — CVSS 7.8 (high): The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS…
CVE-2013-5473 — CVSS 7.8 (high): Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to…
CVE-2013-5474 — CVSS 7.8 (high): Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3…
CVE-2013-5476 — CVSS 7.8 (high): The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows…
CVE-2013-5477 — CVSS 7.8 (high): The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to…
CVE-2013-5478 — CVSS 7.8 (high): Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service…
CVE-2013-5479 — CVSS 7.8 (high): The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of…
CVE-2013-5480 — CVSS 7.8 (high): The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of…
CVE-2013-5553 — CVSS 7.8 (high): Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device…
CVE-2014-2106 — CVSS 7.8 (high): Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via…
CVE-2014-2108 — CVSS 7.8 (high): Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to…
CVE-2014-2109 — CVSS 7.8 (high): The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of…
CVE-2014-2112 — CVSS 7.8 (high): The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption)…
CVE-2014-2113 — CVSS 7.8 (high): Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote…
CVE-2014-3327 — CVSS 7.8 (high): The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows…
CVE-2014-3354 — CVSS 7.8 (high): Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG…
CVE-2014-3357 — CVSS 7.8 (high): Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before…
CVE-2014-3358 — CVSS 7.8 (high): Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and…
CVE-2014-3359 — CVSS 7.8 (high): Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before…
CVE-2014-3360 — CVSS 7.8 (high): Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS…
CVE-2015-0586 — CVSS 7.8 (high): The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated…