Cisco Cisco Ios Xe Software
236 CVEs affecting Cisco Cisco Ios Xe Software. Latest disclosed: 2026-03-25. Critical: 6, High: 123.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-20188 | Critical | 10.0 | 2025-05-07 | A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE So… |
CVE-2023-20198 | Critical | 10.0 | 2023-10-16 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list… |
CVE-2021-34770 | Critical | 10.0 | 2021-09-23 | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family… |
CVE-2019-12643 | Critical | 10.0 | 2019-08-28 | A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authenticat… |
CVE-2021-1619 | Critical | 9.8 | 2021-09-23 | A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to… |
CVE-2025-20363 | Critical | 9.0 | 2025-09-25 | A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, C… |
CVE-2025-20334 | High | 8.8 | 2025-09-24 | A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into… |
CVE-2025-20186 | High | 8.8 | 2025-05-07 | A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote atta… |
CVE-2023-20231 | High | 8.8 | 2023-09-27 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device… |
CVE-2020-3400 | High | 8.8 | 2020-09-24 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are… |
CVE-2019-12624 | High | 8.8 | 2019-08-21 | A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker… |
CVE-2019-1904 | High | 8.8 | 2019-06-21 | A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (… |
CVE-2019-1754 | High | 8.8 | 2019-03-28 | A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privile… |
CVE-2019-1753 | High | 8.8 | 2019-03-28 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS com… |
CVE-2019-1745 | High | 8.8 | 2019-03-27 | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges… |
CVE-2019-1743 | High | 8.8 | 2019-03-27 | A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem o… |
CVE-2017-6741 | High | 8.8 | 2017-07-17 | A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute cod… |
CVE-2017-6742 | High | 8.8 | 2017-07-17 | A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute cod… |
CVE-2017-6738 | High | 8.8 | 2017-07-17 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, r… |
CVE-2026-20012 | High | 8.6 | 2026-03-25 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Ap… |