📦 IOS XE
by Cisco
🔍 What is IOS XE?
IOS XE serves as the foundation for Software-Defined Access (SD-Access), SD-WAN, network segmentation, zero-trust architecture, and intent-based networking in enterprise environments. The platform supports critical network functions including routing, switching, wireless management, network policy enforcement, application visibility, and integrated security services across campus, branch, WAN, and data center deployments.
Security vulnerabilities in Cisco IOS XE can expose enterprise networks to severe risks, including unauthorized administrative access, network compromise, and infrastructure disruption. Common vulnerability categories include authentication bypass in the web UI, privilege escalation, command injection, denial of service, buffer overflows, and flaws in the REST API, SNMP, SSH, IPsec VPN, and wireless controller code. High-severity vulnerabilities have enabled attackers to implant persistent backdoors, steal credentials, intercept traffic, and take control of network infrastructure.
Organizations deploying Cisco IOS XE should apply defense in depth: disable management interfaces that are not needed, in particular the HTTP/HTTPS web UI, which should never be reachable from the internet or any untrusted network; restrict the remaining administrative paths (SSH, NETCONF/RESTCONF, SNMP) to known management hosts with ACLs; use AAA with TACACS+ or RADIUS for authentication, command authorization, and accounting; send logs to a remote collector and monitor them; and patch promptly. Prioritize updates for internet-facing devices, VPN concentrators, and wireless controllers, which have the highest exposure. Note that several of the vulnerabilities listed below (CDP, OSPFv2, UDLD, DHCP, and wireless issues) are triggered by an unauthenticated attacker on an adjacent network segment, so ACLs on management interfaces do not mitigate them; running a fixed software version is the only remedy for those.
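The hardening checklist above is easiest to enforce when it can be checked automatically against a saved `show running-config`. The following auditor is an added example, not code from the original page or from Cisco; it reads the config as plain text, flags the web UI, AAA, SNMP, VTY, and logging weaknesses the list calls out, and is shown against two constructed configs (a weak one and a hardened one). The ACL name, community string, hostnames and addresses are all invented for the example.

```python
"""Audit a Cisco IOS XE running-config text for the controls listed above.

Added example, not code from the original page or from Cisco. Input is the
plain text of `show running-config`; everything runs offline. Both sample
configs are constructed for this example.
"""
import re
from typing import List, Tuple

# Constructed: a deliberately weak branch-router config so every check fires.
SAMPLE_WEAK_CONFIG = """\
hostname branch-rtr-1
no aaa new-model
ip http server
ip http secure-server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 login local
 transport input telnet ssh
end
"""

# Constructed: the same device with the recommended controls applied.
SAMPLE_HARDENED_CONFIG = """\
hostname branch-rtr-1
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
no ip http server
no ip http secure-server
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
 deny   any log
snmp-server community m0nit0r-r0 RO MGMT-HOSTS
logging host 10.0.0.50
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
end
"""

SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?:\s+(\S+))?$")


def _vty_blocks(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Collect each 'line vty ...' section with its indented child commands."""
    blocks, current = [], None
    for raw in lines:
        if raw.startswith("line "):
            current = (raw.strip(), [])
            if raw.startswith("line vty"):
                blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = None  # any unindented command ends the section
    return blocks


def audit_config(config: str) -> List[str]:
    """Return one finding per missing or weak control; an empty list means clean."""
    lines = config.splitlines()
    cmds = [l.strip() for l in lines if not l.startswith(" ")]  # top-level commands only
    findings: List[str] = []

    # AAA must be on, and the login method must reach TACACS+ or RADIUS.
    if "aaa new-model" not in cmds:
        findings.append("AAA disabled: 'aaa new-model' missing")
    elif not any(c.startswith("aaa authentication login") and
                 ("tacacs+" in c or "radius" in c) for c in cmds):
        findings.append("AAA on, but no login method uses TACACS+/RADIUS")

    # Web UI: plaintext HTTP is never acceptable; HTTPS needs a source ACL.
    if "ip http server" in cmds:
        findings.append("plaintext HTTP web UI enabled ('ip http server')")
    if ("ip http server" in cmds or "ip http secure-server" in cmds) and \
            not any(c.startswith("ip http access-class") for c in cmds):
        findings.append("web UI reachable from any source: no 'ip http access-class'")

    # SNMP: no RW communities, no default strings, an ACL on every community.
    for c in cmds:
        m = SNMP_RE.match(c)
        if not m:
            continue
        community, mode, acl = m.groups()
        if mode == "RW":
            findings.append(f"read-write SNMP community '{community}'")
        if community.lower() in ("public", "private"):
            findings.append(f"default SNMP community string '{community}'")
        if acl is None:
            findings.append(f"SNMP community '{community}' has no ACL")

    # VTY lines: inbound access-class present and SSH only.
    vtys = _vty_blocks(lines)
    if not vtys:
        findings.append("no 'line vty' section found")
    for header, children in vtys:
        if not any(c.startswith("access-class") and "in" in c.split() for c in children):
            findings.append(f"{header}: no inbound access-class")
        for c in children:
            if c.startswith("transport input") and "telnet" in c.split():
                findings.append(f"{header}: telnet allowed ('{c}')")

    # Logging: findings are useless if nothing leaves the box.
    if not any(c.startswith("logging host") for c in cmds):
        findings.append("no remote syslog destination ('logging host')")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK_CONFIG), ("hardened", SAMPLE_HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

The checks are deliberately string-based so they work on any saved config; `snmp-server community ... view ...` forms and the `ip http access-class ipv4 NAME` variant are matched only as far as the regexes above go, so extend them for your own conventions.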
⚠️ Known Vulnerabilities
This critical vulnerability allows remote attackers to execute arbitrary code with root privileges on affected Cisco devices. Unauthenticated attackers can exploit Cisco ASA/FTD devices, while authent...
This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote attackers to upload arbitrary files and execute commands with root privileges. Attackers exploit a ha...
CVE-2023-20198 is a critical vulnerability in Cisco IOS XE Software web UI that allows unauthenticated attackers to gain initial access and create local user accounts. Combined with CVE-2023-20273, at...
This critical vulnerability in Cisco Catalyst 9000 wireless controllers allows unauthenticated remote attackers to execute arbitrary code with administrative privileges or cause denial of service by s...
An uninitialized variable in Cisco IOS XE Software's AAA function allows unauthenticated remote attackers to bypass NETCONF/RESTCONF authentication. This enables attackers to manipulate device configu...
An unauthenticated attacker on the same network segment can send a malicious Cisco Discovery Protocol packet to an access point, causing the wireless controller to crash and reboot. This affects Cisco...
An out-of-bounds array access vulnerability in Cisco's TWAMP server implementation allows unauthenticated remote attackers to cause device reloads (DoS) by sending crafted TWAMP control packets. Affec...
A vulnerability in Cisco IOS XE Software's DHCP snooping feature allows unauthenticated remote attackers to cause a denial of service by sending DHCP request packets. This can wedge interface queues, ...
An unauthenticated adjacent wireless attacker can cause denial of service on Cisco IOS XE WLCs by sending crafted IPv6 packets that trigger memory exhaustion in the wncd daemon. This affects wireless ...
A vulnerability in Cisco IOS, IOS XE, and IOS XR Software allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. This affects devices with SNMP enabled usin...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. The vulnerability affects devices running vul...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. The vulnerability affects devices running vul...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. The vulnerability affects SNMP versions 1, 2c...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. This affects devices running vulnerable softw...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. This affects devices running vulnerable Cisco...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. The vulnerability affects SNMP versions 1, 2c...
A vulnerability in Cisco IOS and IOS XE SNMP subsystems allows authenticated remote attackers to cause denial of service by sending crafted SNMP requests. The vulnerability affects devices running vul...
An unauthenticated remote attacker can cause Cisco routers to crash and reload by sending specially crafted fragmented IPv4 packets, resulting in denial of service. This affects Cisco ASR 1000 Series ...
An unauthenticated remote attacker can send specially crafted IPv4 DHCP packets to Cisco IOS XE SD-Access fabric edge nodes, causing high CPU utilization that leads to a denial of service requiring ma...
An unauthenticated remote attacker can cause Cisco IOS XE devices to crash and reload by sending crafted HTTP requests to specific URLs when the Telemetry Service feature is enabled. This denial-of-se...
This vulnerability allows unauthenticated remote attackers to cause a denial of service (DoS) by sending crafted traffic through SD-WAN IPsec tunnels on affected Cisco IOS XE devices. The vulnerabilit...
An unauthenticated remote attacker can send specially crafted RSVP packets to vulnerable Cisco devices, causing a buffer overflow that forces the device to reboot. This results in a denial of service ...
An unauthenticated attacker on the same network segment can send specially crafted OSPFv2 packets to vulnerable Cisco IOS XE devices, causing them to crash and reload. This creates a denial-of-service...
A heap underflow vulnerability in Cisco IOS/IOS XE IKEv1 fragmentation handling allows unauthenticated remote attackers to trigger device reloads via crafted UDP packets. This affects systems running ...
An unauthenticated remote attacker can send specially crafted LISP packets to vulnerable Cisco devices, causing them to reload and creating a denial of service condition. This affects Cisco IOS and IO...
This vulnerability in Cisco IOS XE Software's IPv4 SD-Access fabric edge node allows unauthenticated remote attackers to cause a denial of service by sending specially crafted IPv4 packets. Exploitati...
An unauthenticated remote attacker can send specially crafted IPv4 packets to Cisco Access Points, causing them to crash and reload, resulting in denial of service. This affects Cisco APs running vuln...
An unauthenticated attacker on the same wireless network can send continuous mDNS packets to Cisco IOS XE Wireless LAN Controllers, causing high CPU usage that disconnects access points and creates a ...
An unauthenticated remote attacker can send a crafted DHCP request packet to cause Cisco IOS XE devices with DHCP snooping and endpoint analytics enabled to reload unexpectedly, resulting in a denial ...
This vulnerability in Cisco IOS XE Software allows authenticated remote attackers to execute arbitrary commands with root privileges via the web UI. Attackers can exploit insufficient input validation...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This vulnerability allows authenticated remote attackers with level 15 privileges to bypass AAA command authorization checks when using SCP, enabling them to copy files to/from affected Cisco devices....
An unauthenticated remote attacker can send crafted L2TP packets to vulnerable Cisco IOS XE devices, causing them to reload unexpectedly and creating a denial of service condition. This affects Cisco ...
This vulnerability in Cisco Catalyst 3650 and 3850 Series Switches running IOS XE allows unauthenticated remote attackers to cause a denial of service by sending high-rate traffic to the management in...
This vulnerability allows an authenticated local attacker to escape the Cisco IOx application container and execute arbitrary commands with root privileges on Cisco IOS XE devices. It affects systems ...
An unauthenticated attacker on the same network can send crafted traffic through a wireless access point to exploit insufficient input validation in Cisco IOS XE WLCs, causing high CPU utilization and...
An unauthenticated remote attacker can send crafted DHCPv6 messages to Cisco IOS/IOS XE devices with DHCPv6 relay or server features enabled, causing the device to reload unexpectedly due to insuffici...
This vulnerability in Cisco IOx allows authenticated remote attackers to execute arbitrary commands as root on the host operating system by deploying a malicious application with a crafted activation ...
This vulnerability allows unauthenticated remote attackers to cause Cisco IOS XE devices with AppNav-XE feature enabled to reload, resulting in denial of service. Attackers can exploit it by sending c...
This vulnerability allows authenticated local attackers on Cisco Catalyst 9000 switches and wireless controllers to escalate privileges to level 15 (administrative) by executing specific CLI commands....
This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending crafted packets from the wired network to a wireless client, leading to a crash and reload of...
This vulnerability allows authenticated remote attackers with low privileges to cause denial of service on Cisco IOS XE devices by exhausting resources through excessive NETCONF over SSH connections. ...
This vulnerability allows unauthenticated remote attackers to crash Cisco Catalyst 9000 wireless controllers by sending malformed CAPWAP packets, causing denial of service. It affects Cisco IOS XE Sof...
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted UDLD packets to Cisco networking devices, causing them to reload and creating a denial of se...
This vulnerability in Cisco IOS and IOS XE software allows authenticated remote attackers to trigger a device reload via a specific CLI command through the web UI, causing a denial of service (DoS). I...
This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to elevate their privileges to root on the underlying operating system. Attackers can exp...
This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to escalate privileges to root on the underlying operating system. Attackers can exploit ...
This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to escalate privileges to root on the underlying operating system. Attackers can exploit ...
This vulnerability allows authenticated low-privileged remote attackers to perform OS command injection through Cisco IOS XE's web management interface, potentially reading sensitive files from the un...
This CSRF vulnerability in Cisco IOS XE web management interface allows unauthenticated remote attackers to trick authenticated users into executing CLI commands. Attackers can clear syslog, parser, a...
This vulnerability in Cisco IOS XE Wireless Controller Software allows authenticated lobby ambassador users to delete arbitrary user accounts, including administrative accounts, by sending crafted HTT...
An unauthenticated remote attacker can cause denial of service on Cisco wireless controllers by exploiting a logic error in the CAPWAP AP joining process. The attacker needs to add a malicious AP to t...
This vulnerability allows authenticated local attackers to cause Cisco access points to reboot by submitting specially crafted CLI commands. It affects Cisco APs running vulnerable software versions. ...
This vulnerability in Cisco Catalyst 9300 switches allows authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute persistent code at boot ti...
This vulnerability in Cisco IOS XE Software allows authenticated local attackers to gain root privileges by exploiting insufficient memory protection in the Meraki onboarding feature. Attackers can mo...
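The CVE-2023-20198 entry above notes that the web UI flaw let unauthenticated attackers create local accounts; with remote logging in place (as recommended in the overview), those actions leave syslog traces that can be hunted. The script below is an added example, not code from the original page or from Cisco. It parses the three IOS XE message types that Cisco's guidance for CVE-2023-20198 tells defenders to review (web UI logins, programmatic configuration changes by the web UI process, and web UI file installs) and alerts on any username outside an allowlist. The log excerpt, usernames, addresses and allowlist are constructed for this example.

```python
"""Hunt IOS XE syslog for web UI account activity and file installs.

Added example, not code from the original page or from Cisco. The sample
lines, usernames, addresses and the admin allowlist are all constructed.
"""
import re
from typing import Dict, List, Set

# Constructed allowlist: the accounts that are supposed to exist on the device.
KNOWN_ADMINS: Set[str] = {"netops", "svc-backup"}

# Constructed log excerpt. Line 4 is a legitimate CLI change and is ignored,
# line 5 is a legitimate web UI login by a known admin and produces no alert.
SAMPLE_LOG = """\
Oct 17 03:42:13.101 UTC: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: cisco_tac_admin] [Source: 192.0.2.77] at 03:42:13 UTC Tue Oct 17 2023
Oct 17 03:42:20.552 UTC: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as cisco_tac_admin on vty0
Oct 17 03:43:01.007 UTC: %WEBUI-6-INSTALL_OPERATION_INFO: User: cisco_tac_admin, Install Operation: ADD bootflash:/tmp/upd.bin
Oct 17 09:10:02.310 UTC: %SYS-5-CONFIG_I: Configured from console by netops on vty1 (10.0.0.21)
Oct 17 09:12:44.820 UTC: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.0.21] at 09:12:44 UTC Tue Oct 17 2023
"""

# FACILITY-SEVERITY-MNEMONIC, followed by the message text.
MNEMONIC_RE = re.compile(r"%(?P<msg>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$")

# Where the username sits in each message of interest.
USER_PATTERNS = {
    "SEC_LOGIN-5-WEBLOGIN_SUCCESS": re.compile(r"\[user: ([^\]]+)\]"),
    "SYS-5-CONFIG_P": re.compile(r"\bas (\S+) on\b"),
    "WEBUI-6-INSTALL_OPERATION_INFO": re.compile(r"User: ([^,]+),"),
}


def hunt(log_text: str, known_admins: Set[str] = KNOWN_ADMINS) -> List[Dict[str, object]]:
    """Return one alert per suspicious line, with the reasons it was flagged."""
    alerts: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = MNEMONIC_RE.search(line)
        if not m:
            continue
        msg, text = m.group("msg"), m.group("text")
        pattern = USER_PATTERNS.get(msg)
        if pattern is None:
            continue  # not one of the message types we care about
        um = pattern.search(text)
        user = um.group(1).strip() if um else "<unparsed>"
        reasons: List[str] = []
        if user not in known_admins:
            reasons.append(f"user '{user}' is not a known administrator")
        if msg == "WEBUI-6-INSTALL_OPERATION_INFO":
            # Installing files through the web UI is rare enough to always review.
            reasons.append("file installed through the web UI; verify the file")
        if msg == "SYS-5-CONFIG_P" and "SEP_webui_wsma_http" in text and user not in known_admins:
            reasons.append("configuration changed programmatically via the web UI")
        if reasons:
            alerts.append({"msg": msg, "user": user, "reasons": reasons, "line": line})
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_LOG):
        print(a["msg"], a["user"], "->", "; ".join(a["reasons"]))
```

Run against a real export, the allowlist should be generated from the device's configured `username` entries and your TACACS+/RADIUS accounts, and any hit on an account you did not create is reason to treat the device as compromised rather than simply delete the account.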