Approved changes feed: RSS · Atom

cpe:2.3:o:cisco:ios:16.9.1:*:*:*:*:*:*:*

part: o version: 16.9.1 update: *

VendorCisco (e1b3baff-aaf9-56a6-a68a-41e28ce616a5)
ProductIos (335bd590-b988-5d63-a96b-6de17994d578)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-20433 vulnerable 2026-06-08 06:27:27.827133 Details available
HIGH (8.6)
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Published: 2024-09-25T16:26:15.651Z
Updated: 2024-09-25T18:48:42.038Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-20920 vulnerable 2026-06-08 05:39:57.341115 Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability
HIGH (7.7)
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.
Published: 2022-10-10T20:43:15.882Z
Updated: 2026-05-27T12:49:59.670Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12672 vulnerable 2026-06-08 05:12:40.125232 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
MEDIUM (6.2)
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.
Published: 2019-09-25T20:16:02.526Z
Updated: 2024-11-20T17:09:23.330Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12655 vulnerable 2026-06-08 05:12:39.868132 Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability
HIGH (8.6)
A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.
Published: 2019-09-25T20:15:33.502Z
Updated: 2024-11-19T18:56:10.689Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12649 vulnerable 2026-06-08 05:12:39.795751 Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
MEDIUM (6.7)
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.
Published: 2019-09-25T20:05:17.289Z
Updated: 2024-11-20T17:10:35.418Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.