Approved changes feed: RSS · Atom

cpe:2.3:o:cisco:ios:11.0\(20.3\):*:*:*:*:*:*:*

part: o version: 11.0(20.3) update: *

VendorCisco (e1b3baff-aaf9-56a6-a68a-41e28ce616a5)
ProductIos (335bd590-b988-5d63-a96b-6de17994d578)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-1756 vulnerable 2026-06-08 05:13:28.458127 Cisco IOS XE Software Command Injection Vulnerability
HIGH (7.2)
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.
Published: 2019-03-28T00:15:15.848Z
Updated: 2024-11-20T17:24:57.026Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2395 vulnerable 2026-06-08 04:58:05.951897 Details available
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message.
Published: 2011-06-07T19:00:00.000Z
Updated: 2024-08-06T23:00:33.807Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-5040 vulnerable 2026-06-08 04:51:50.960263 Details available
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
Published: 2011-01-07T18:00:00.000Z
Updated: 2024-08-07T07:24:53.770Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-4609 vulnerable 2026-06-08 04:50:46.262897 Details available
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Published: 2008-10-20T17:00:00.000Z
Updated: 2024-08-07T10:24:20.677Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-5381 vulnerable 2026-06-08 04:50:05.185466 Details available
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.
Published: 2007-10-12T01:00:00.000Z
Updated: 2024-08-07T15:31:58.537Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-1999-0159 vulnerable 2026-06-08 04:44:57.958685 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.