Lucene search

13 matches found

CVE
added 2023/08/16 9:38 p.m. | 66 views

CVE-2023-20203

The CVE-2023-20203 entry describes stored Cross-Site Scripting (XSS) vulnerabilities in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) web-based management interfaces. Root cause: insufficient validation of user-supplied input, enabling an authenticated, remote a...

CVSS 5.4 | AI score 5.1 | EPSS 0.00358
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2022/04/21 6:50 p.m. | 108 views

CVE-2022-20786

CVE-2022-20786 affects Cisco Unified Communications Manager IM & Presence Service. The vulnerability is an SQL injection in the web-based management interface caused by improper validation of user-submitted parameters. An authenticated, remote attacker can send malicious requests to the applicati...

CVSS 8.1 | AI score 7 | EPSS 0.00785
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/04/06 6:13 p.m. | 101 views

CVE-2022-20665

CVE-2022-20665 is a Cisco StarOS command-injection vulnerability in the CLI. It arises from insufficient input validation of CLI commands, enabling an authenticated, local attacker with administrative credentials to execute arbitrary code with root privileges on an affected device. Exploitation w...

CVSS 7.2 | AI score 6.7 | EPSS 0.00297
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/07/08 6:35 p.m. | 82 views

CVE-2021-1359

CVE-2021-1359 affects Cisco AsyncOS Web Security Appliance (WSA) in the configuration management path. The issue arises from insufficient validation of user-supplied XML input in the web interface, allowing an authenticated, remote attacker with a valid account to upload crafted XML configuration...

CVSS 9 | AI score 8 | EPSS 0.01879
Exploits: 0 | References: 1 | Affected Software: 2

Tenable Nessus
added 2021/05/07 12:0 a.m. | 31 views

Cisco SD-WAN vManage HTTP Authentication User Enumeration (cisco-sa-vmanage-enumeration-64eNnDKy)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an information disclosure vulnerability due to improper handling of HTTP headers. An unauthenticated, remote attacker can exploit this, via HTTP, to determine which accounts are valid user accounts. Please see th...

CVSS 5.3 | AI score 5.8 | EPSS 0.01198
Exploits: 0 | References: 3

CVE
added 2020/09/24 5:52 p.m. | 88 views

CVE-2020-3480

CVE-2020-3480 corresponds to multiple DoS vulnerabilities in Cisco IOS XE Zone-Based Firewall. The flaws arise from incomplete handling of Layer 4 packets, enabling an unauthenticated, remote attacker to trigger a device reload or to stop forwarding traffic through the firewall by sending a speci...

CVSS 8.6 | AI score 8.7 | EPSS 0.01402
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2020/08/25 12:0 a.m. | 18 views

Cisco HyperFlex Software Command Injection (cisco-sa-20190220-hyperflex-injection)

According to its self-reported version, Cisco HyperFlex HX Data Platform is affected by a vulnerability in the cluster service manager due to insufficient input validation. An unauthenticated, adjacent attacker can exploit this, by connecting to the cluster service manager and injecting commands...

CVSS 8.8 | AI score 8.1 | EPSS 0.01133
Exploits: 0 | References: 4

CVE
added 2015/12/13 2:0 a.m. | 45 views

CVE-2015-6406

CVE-2015-6406 describes a directory traversal vulnerability in Cisco Emergency Responder’s Tools menu. Affected software is Cisco Emergency Responder 10.5(1.10000.5). The root cause is improper sanitization of user-supplied input that forms a filename, allowing authenticated, remote attackers to ...

CVSS 4 | AI score 6.5 | EPSS 0.02309
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2012/06/29 7:0 p.m. | 16 views

CVE-2012-2385

The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value...

AI score 6 | EPSS 0.10929
Exploits: 0 | References: 11

CVE
added 2011/05/31 8:0 p.m. | 56 views

CVE-2011-1645

The CVE-2011-1645 vulnerability affects Cisco RVS4000 and WRVS4400N Gigabit Security Routers. The flaw is in the web management interface, where an unauthenticated remote attacker can read the device’s backup configuration file, which can contain sensitive data such as HTTP passwords and VPN pre-...

CVSS 9.3 | AI score 7.5 | EPSS 0.03396
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2011/01/07 10:0 p.m. | 53 views

CVE-2010-4692

CVE-2010-4692 affects Cisco ASA 5500-series devices running software before 8.3(2). The vulnerability allows a remote attacker to cause a denial-of-service (device crash) by initiating a large number of LAN-to-LAN IPsec sessions (L2L), per Bug ID CSCth36592. Affected component is the IPsec/L2L ha...

CVSS 7.8 | AI score 6.9 | EPSS 0.02577
Exploits: 0 | References: 5 | Affected Software: 3

NVD
added 2010/08/10 12:19 p.m. | 15 views

CVE-2010-2976

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy...

CVSS 10 | AI score 6.8 | EPSS 0.0213
Exploits: 0 | References: 1

CVE
added 2005/03/13 5:0 a.m. | 42 views

CVE-2002-1596

CVE-2002-1596 affects Cisco SN 5420 Storage Router, up to version 1.1(5). A remote attacker can cause a denial-of-service (router crash) by sending an HTTP request with large headers. The provided materials state the issue and related Cisco advisory but do not include a specific patch version or ...

CVSS 5 | AI score 6.7 | EPSS 0.02034
Exploits: 0 | References: 4 | Affected Software: 1