Lucene search
K

25 matches found

CVE
CVE
added 2025/09/24 5:53 p.m.17 views

CVE-2025-20314

CVE-2025-20314 describes a vulnerability in Cisco IOS XE Software where an authenticated local user with level-15 privileges or a physically proximate unauthenticated attacker can cause the device to execute persistent code at boot, effectively breaking the chain of trust. The root cause is impro...

6.7CVSS6.2AI score0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.7 views

PT-2025-39306

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Command Line Interface CLI of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...

6.2CVSS6.7AI score0.0015EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.10 views

The vulnerability of the microprogrammed software of Ruijie NBR2000G, NBR1300G, and Ruijie NBR1000 lies in the insufficient protection of operational data, allowing attackers to gain access to the administrator account.

The vulnerability of the microprogrammed software of Ruijie NBR2000G, NBR1300G, and Ruijie NBR1000 lies in the insufficient protection of operational data during the processing of the /WEBVMS/LEVEL15/ endpoint. Exploiting this vulnerability can allow a malicious actor to gain access to the...

7.8CVSS5.5AI score0.06444EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34057

An information disclosure vulnerability exists in Ruijie NBR series routers known to affect NBR2000G, NBR1300G, and NBR1000 models via the /WEBVMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker ca...

8.7CVSS5.8AI score0.06444EPSS
In wildExploits0References57
ATTACKERKB
ATTACKERKB
added 2025/05/07 6:15 p.m.6 views

CVE-2025-20198

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

8.2CVSS5.8AI score0.00141EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/07 6:15 p.m.5 views

CVE-2025-20200

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/05/07 6:15 p.m.6 views

CVE-2025-20186

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to...

8.8CVSS7AI score0.01159EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/27 5:15 p.m.4 views

CVE-2024-20306

A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...

6.7CVSS6AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2023/09/27 6:15 p.m.4 views

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

8.8CVSS6AI score0.0074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.6 views

PT-2023-2222 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...

6.8CVSS6.7AI score0.00375EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/27 12:0 a.m.2 views

PT-2022-7009 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Authentication, Authorization, and Accounting AAA feature could allow an authenticated, remote attacker to bypass command...

9.1CVSS7.3AI score0.00586EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2022/09/28 11:0 p.m.4 views

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

7.9CVSS6.9AI score0.0034EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/13 4:0 p.m.4 views

CVE-2022-20681

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validatio...

7.8CVSS6.9AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.4 views

PT-2022-2745 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers affected versions not specified Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated,...

7.8CVSS7.6AI score0.00223EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.6 views

Cisco IOS XE Software 日志信息泄露漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play PnP subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...

7.8CVSS7.1AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.4 views

Cisco IOS XE Software 安全漏洞

Cisco IOS is an operation and maintenance system developed by Cisco for its network equipment, where users set up the functions of the network equipment through the command line human-machine interface. IOS XE is a modular operating system based on Linux kernel developed for its network equipment...

7.2CVSS6.8AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2020/06/03 6:15 p.m.6 views

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

6.7CVSS6AI score0.00426EPSS
Exploits0References1
OSV
OSV
added 2020/06/03 6:15 p.m.3 views

CVE-2020-3208

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...

6.7CVSS6.7AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/02 12:0 a.m.5 views

PT-2019-3616 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Copy SCP feature could allow an authenticated, remote attacker to cause a denial of service DoS condition. The issue is...

6.8CVSS5.7AI score0.01488EPSS
Exploits0References5
CNVD
CNVD
added 2019/09/27 12:0 a.m.3 views

Cisco IOS XE Command Injection Vulnerability (CNVD-2019-34374)

Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A command injection vulnerability exists in the web-based user interface of Cisco IOS XE, which can be exploited to execute Cisco IOS commands with elevated privileges level 15 via...

9CVSS8AI score0.02543EPSS
Exploits0References1
Rows per page
Query Builder