Cisco | Most viewed

5226 matches found

Cisco
added 2021/08/18 4:0 p.m. | 88 views

Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

CVSS 4.7 | AI score 6 | EPSS 0.01056
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 88 views

Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 8.6 | AI score 1.4
Exploits: 0 | References: 1
Cisco
added 2019/09/25 4:0 p.m. | 88 views

Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An...

CVSS 8.6 | AI score 7.7 | EPSS 0.01984
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 88 views

Cisco Integrated Management Controller Buffer Overflow Vulnerability

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is du...

CVSS 7.2 | AI score 3 | EPSS 0.03293
Exploits: 0 | References: 1
Cisco
added 2019/06/19 4:0 p.m. | 88 views

Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...

CVSS 5.3 | AI score 2.1 | EPSS 0.40951
Exploits: 1 | References: 1
Cisco
added 2019/03/27 4:0 p.m. | 88 views

Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit thi...

CVSS 8.6 | AI score 2.3 | EPSS 0.02516
Exploits: 0 | References: 1
Cisco
added 2019/02/20 4:0 p.m. | 88 views

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The...

CVSS 6.5 | AI score 1.1 | EPSS 0.00874
Exploits: 0 | References: 1
Cisco
added 2019/02/06 4:0 p.m. | 88 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...

CVSS 5.4 | AI score 1.5 | EPSS 0.00827
Exploits: 0 | References: 1
Cisco
added 2018/09/26 4:0 p.m. | 88 views

Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability

A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+...

CVSS 6.8 | AI score 1.9 | EPSS 0.02063
Exploits: 0 | References: 1
Cisco
added 2021/08/04 4:0 p.m. | 87 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more...

CVSS 9.8 | AI score 9.2 | EPSS 0.09691
Exploits: 0 | References: 1
Cisco
added 2020/11/16 11:0 p.m. | 87 views

Cisco Security Manager Java Deserialization Vulnerabilities

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...

CVSS 8.1 | AI score 2.6 | EPSS 0.87719
Exploits: 0 | References: 1
Cisco
added 2020/06/03 4:0 p.m. | 87 views

Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities a...

CVSS 8.6 | AI score 2.5 | EPSS 0.02108
Exploits: 0 | References: 1
Cisco
added 2020/02/05 4:0 p.m. | 87 views

Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

CVSS 8.8 | AI score 2.5 | EPSS 0.11685
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 87 views

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by th...

CVSS 7.2 | AI score 4.1 | EPSS 0.03798
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 87 views

Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...

CVSS 8.8 | AI score 8.7 | EPSS 0.01593
Exploits: 0 | References: 1
Cisco
added 2019/01/09 4:0 p.m. | 87 views

Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory...

CVSS 5.1 | AI score 1.8 | EPSS 0.00277
Exploits: 0 | References: 1
Cisco
added 2018/09/26 4:0 p.m. | 87 views

Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected...

CVSS 6.5 | AI score 2.2 | EPSS 0.00747
Exploits: 0 | References: 1
Cisco
added 2016/08/17 6:45 p.m. | 88 views

Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability

A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certa...

CVSS 6.8 | AI score 7.8 | EPSS 0.22583
Exploits: 2 | References: 1
Cisco
added 2005/08/17 4:0 p.m. | 87 views

Cisco Clean Access Unauthenticated API Access

...

CVSS 7.5 | AI score 3.2 | EPSS 0.01585
Exploits: 0 | References: 1 | Affected Software: 1
Cisco
added 2023/09/06 4:0 p.m. | 86 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...

CVSS 5 | AI score 7.5 | EPSS 0.21583
Exploits: 0 | References: 1
Cisco
added 2019/10/02 4:0 p.m. | 86 views

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software...

CVSS 6.5 | AI score 2.2 | EPSS 0.01306
Exploits: 0 | References: 1
Cisco
added 2019/09/25 4:0 p.m. | 86 views

Cisco IOx Application Environment Denial of Service Vulnerability

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS)...

CVSS 7.5 | AI score 7.6 | EPSS 0.01824
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 86 views

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user...

CVSS 9.8 | AI score 2.2 | EPSS 0.04491
Exploits: 0 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 87 views

Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient...

CVSS 6.7 | AI score 6.5 | EPSS 0.00543
Exploits: 0 | References: 1
Cisco
added 2019/01/09 4:0 p.m. | 86 views

Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...

CVSS 5.3 | AI score 5.6 | EPSS 0.00788
Exploits: 0 | References: 1
Cisco
added 2018/09/05 4:0 p.m. | 86 views

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...

CVSS 8.8 | AI score 4.2
Exploits: 0 | References: 1
Cisco
added 2018/06/06 4:0 p.m. | 86 views

Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...

CVSS 8.1 | AI score 1.7 | EPSS 0.04056
Exploits: 0 | References: 1
Cisco
added 2026/06/04 10:27 p.m. | 85 views

Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 1
Cisco
added 2021/08/04 4:0 p.m. | 85 views

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...

CVSS 8.2 | AI score 9.3 | EPSS 0.02033
Exploits: 0 | References: 1
Cisco
added 2019/09/25 4:0 p.m. | 85 views

Cisco IOS XE Software Consent Token Bypass Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

CVSS 6.7 | AI score 1.9 | EPSS 0.00352
Exploits: 0 | References: 1
Cisco
added 2019/09/25 4:0 p.m. | 85 views

Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this...

CVSS 6.7 | AI score 1.8 | EPSS 0.00314
Exploits: 0 | References: 1
Cisco
added 2019/09/04 4:0 p.m. | 85 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists...

CVSS 6.1 | AI score 1.9 | EPSS 0.01109
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 85 views

Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to...

CVSS 8.8 | AI score 8.8 | EPSS 0.18706
Exploits: 2 | References: 1
Cisco
added 2019/05/01 4:0 p.m. | 85 views

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability i...

CVSS 8.6 | AI score 8.4 | EPSS 0.02516
Exploits: 0 | References: 1
Cisco
added 2018/06/20 4:0 p.m. | 85 views

Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper...

CVSS 6.5 | AI score 1.8 | EPSS 0.00394
Exploits: 0 | References: 1
Cisco
added 2018/05/16 4:0 p.m. | 85 views

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

CVSS 6.3 | AI score 1.8 | EPSS 0.04569
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 85 views

Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. Th...

CVSS 8.6 | AI score 8.3 | EPSS 0.07747
Exploits: 0 | References: 1
Cisco
added 2017/10/04 4:0 p.m. | 85 views

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be...

CVSS 8.6 | AI score 8.5 | EPSS 0.01589
Exploits: 0 | References: 1
Cisco
added 2021/06/02 4:0 p.m. | 84 views

Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...

CVSS 4.8 | AI score 6.8 | EPSS 0.00326
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 84 views

Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker...

CVSS 4.7 | AI score 4.7 | EPSS 0.00214
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 84 views

Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attack...

CVSS 6.7 | AI score 3.2 | EPSS 0.00444
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 84 views

Cisco HyperFlex Static SSL Key Vulnerability

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...

CVSS 6.8 | AI score 0.5 | EPSS 0.00376
Exploits: 0 | References: 1
Cisco
added 2019/08/21 4:0 p.m. | 84 views

Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...

CVSS 9.8 | AI score 2.1 | EPSS 0.04566
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 84 views

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to...

CVSS 7.4 | AI score 7.3 | EPSS 0.00447
Exploits: 0 | References: 1
Cisco
added 2019/02/06 4:0 p.m. | 84 views

Cisco Meeting Server SIP Processing Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session...

CVSS 6.8 | AI score 1.5 | EPSS 0.0182
Exploits: 0 | References: 1
Cisco
added 2019/01/09 4:0 p.m. | 84 views

Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVSS 5.3 | AI score 1.1 | EPSS 0.01933
Exploits: 0 | References: 1
Cisco
added 2018/09/05 4:0 p.m. | 84 views

Cisco Webex Teams Information Disclosure and Modification Vulnerability

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between use...

CVSS 8.7 | AI score 1.9 | EPSS 0.01284
Exploits: 0 | References: 1
Cisco
added 2018/06/20 4:0 p.m. | 84 views

Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...

CVSS 5.3 | AI score 2.7 | EPSS 0.01231
Exploits: 0 | References: 1
Cisco
added 2021/08/18 4:0 p.m. | 83 views

Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrec...

CVSS 6.7 | AI score 7.3 | EPSS 0.02395
Exploits: 0 | References: 1
Cisco
added 2021/07/15 4:0 p.m. | 83 views

Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | AI score 7.4 | EPSS 0.01188
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5000