5226 matches found

Cisco
added 2018/06/20 4:00 p.m., 84 views

Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...

CVSS 5.3, AI score 2.7, EPSS 0.01231
Exploits: 0, References: 1

Cisco
added 2018/02/21 4:00 p.m., 84 views

Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected...

CVSS 6.5, AI score 2.5, EPSS 0.00847
Exploits: 0, References: 1

Cisco
added 2014/11/06 8:36 p.m., 84 views

Cisco IOS XE Software Challenge/Response Bypass Vulnerability

A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms (WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X) could allow an authenticated, local attacker with administrative privilege 15 to access the underlying Linux root shell. The vulnerability is due to...

CVSS 6.8, AI score 6.4, EPSS 0.00344
Exploits: 0, References: 1

Cisco
added 2021/08/18 4:00 p.m., 83 views

Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrec...

CVSS 6.7, AI score 7.3, EPSS 0.02395
Exploits: 0, References: 1

Cisco
added 2021/07/15 4:00 p.m., 83 views

Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7, AI score 7.4, EPSS 0.01188
Exploits: 0, References: 1

Cisco
added 2021/07/07 4:00 p.m., 83 views

Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These...

CVSS 6.5, AI score 6.6
Exploits: 0, References: 1

Cisco
added 2019/11/20 4:00 p.m., 83 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVSS 5.4, AI score 1.6, EPSS 0.01605
Exploits: 0, References: 1

Cisco
added 2019/09/25 4:00 p.m., 83 views

Cisco IOS XE Software ISDN Data Leak Vulnerability

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The...

CVSS 4.7, AI score 6.5, EPSS 0.01425
Exploits: 0, References: 1

Cisco
added 2019/08/28 4:00 p.m., 83 views

Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...

CVSS 8.6, AI score 1.8, EPSS 0.01969
Exploits: 0, References: 1

Cisco
added 2019/06/19 4:00 p.m., 83 views

Cisco Integrated Management Controller Denial of Service Vulnerability

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. A...

CVSS 5.5, AI score 1.9, EPSS 0.00347
Exploits: 0, References: 1

Cisco
added 2019/06/19 4:00 p.m., 83 views

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...

CVSS 6.5, AI score 2.1, EPSS 0.01186
Exploits: 0, References: 1

Cisco
added 2018/07/18 4:00 p.m., 83 views

Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...

CVSS 7.8, AI score 1.1, EPSS 0.01813
Exploits: 0, References: 1

Cisco
added 2018/07/11 4:00 p.m., 83 views

Cisco Firepower System Software Detection Engine Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the...

CVSS 5.3, AI score 7.7, EPSS 0.02195
Exploits: 0, References: 1

Cisco
added 2018/06/20 4:00 p.m., 83 views

NVIDIA TX1 Boot ROM Vulnerability

On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected...

CVSS 6.8, AI score 6.8, EPSS 0.0274
Exploits: 1, References: 1

Cisco
added 2018/03/28 4:00 p.m., 83 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...

CVSS 7.8, AI score 2.5
Exploits: 0, References: 1

Cisco
added 2018/03/07 4:00 p.m., 83 views

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS 9.8, AI score 3.3, EPSS 0.18554
Exploits: 0, References: 1

Cisco
added 2015/09/18 4:41 a.m., 83 views

Cisco IOS Software DHCPv6 Server Implementation Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted DHCPv6 packets. An attacker could exploit this vulnerabilit...

CVSS 5, AI score 6.4, EPSS 0.02435
Exploits: 0, References: 1

Cisco
added 2021/05/19 4:00 p.m., 82 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied...

CVSS 8.8, AI score 9.1, EPSS 0.02115
Exploits: 0, References: 1

Cisco
added 2019/09/25 4:00 p.m., 82 views

Cisco IOS XE Software ASIC Register Write Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...

CVSS 5.5, AI score 1.7, EPSS 0.00302
Exploits: 0, References: 1

Cisco
added 2019/06/19 4:00 p.m., 82 views

Cisco Integrated Management Controller Denial of Service Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could...

CVSS 5.5, AI score 2.3, EPSS 0.00385
Exploits: 0, References: 1

Cisco
added 2019/02/20 4:00 p.m., 82 views

Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handli...

CVSS 5.8, AI score 5.6, EPSS 0.02265
Exploits: 0, References: 1

Cisco
added 2016/09/16 4:00 p.m., 82 views

IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...

CVSS 7.8, AI score 7.4, EPSS 0.87687
Exploits: 7, References: 1

Cisco
added 2015/07/13 4:11 p.m., 82 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Identity Services Engine (ISE) Infra Admin UI could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker coul...

CVSS 4.3, AI score 5.9, EPSS 0.01546
Exploits: 0, References: 1

Cisco
added 2014/04/30 4:00 p.m., 82 views

Multiple Vulnerabilities in Cisco TelePresence System MXP Series

Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities; Three H.225 denial of service vulnerabilities. Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected syste...

CVSS 7.8, AI score 8.2, EPSS 0.99999
Exploits: 87, References: 1

Cisco
added 2023/02/01 4:00 p.m., 81 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

CVSS 5.3, AI score 7.2, EPSS 0.88874
Exploits: 0, References: 1

Cisco
added 2021/11/24 4:00 p.m., 81 views

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021

On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section...

CVSS 9, AI score 8.7, EPSS 0.99999
Exploits: 5, References: 1

Cisco
added 2021/03/24 4:00 p.m., 81 views

Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS...

CVSS 7.4, AI score 7.3, EPSS 0.00387
Exploits: 0, References: 1

Cisco
added 2020/10/21 4:00 p.m., 81 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities

Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...

CVSS 6.1, AI score 6.6, EPSS 0.85439
Exploits: 2, References: 1

Cisco
added 2019/09/25 4:00 p.m., 82 views

Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of...

CVSS 6.7, AI score 3.5, EPSS 0.00449
Exploits: 0, References: 1

Cisco
added 2019/08/21 4:00 p.m., 81 views

Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate...

CVSS 7.2, AI score 7.3, EPSS 0.0182
Exploits: 0, References: 1

Cisco
added 2019/06/19 4:00 p.m., 81 views

Cisco Integrated Management Controller Arbitrary File Write Vulnerability

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

CVSS 5.3, AI score 1.2, EPSS 0.01516
Exploits: 0, References: 1

Cisco
added 2019/05/15 4:00 p.m., 81 views

Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advance...

CVSS 7.8, AI score 1.8
Exploits: 0, References: 1

Cisco
added 2019/02/20 4:00 p.m., 81 views

Cisco HyperFlex Arbitrary Statistics Write Vulnerability

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...

CVSS 4, AI score 1.6, EPSS 0.00174
Exploits: 0, References: 1

Cisco
added 2019/02/06 4:00 p.m., 81 views

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces...

CVSS 4.3, AI score 2.6, EPSS 0.01358
Exploits: 0, References: 1

Cisco
added 2019/01/09 4:00 p.m., 81 views

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1, AI score 1.4, EPSS 0.01211
Exploits: 0, References: 1

Cisco
added 2018/04/18 4:00 p.m., 81 views

Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...

CVSS 8.8, AI score 3.2, EPSS 0.00936
Exploits: 0, References: 1

Cisco
added 2018/04/18 4:00 p.m., 81 views

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The...

CVSS 5.8, AI score 5.8, EPSS 0.01229
Exploits: 0, References: 1

Cisco
added 2017/07/27 4:00 p.m., 81 views

Multiple Cisco Products OSPF LSA Manipulation Vulnerability

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table...

CVSS 4.2, AI score 4.1, EPSS 0.01693
Exploits: 0, References: 1

Cisco
added 2026/06/24 4:00 p.m., 80 views

Cisco Advance Notification for Publication of July 1, 2026, Security Advisories

On July 1, 2026, the Cisco Product Security Incident Response Team (PSIRT) published the following advisories (columns: Cisco Security Advisory, CVE-ID, Security Impact Rating, CVSS Base Score): Cisco Catalyst Center Arbitrary File Read Vulnerability...

CVSS 7.5, AI score 5.8, EPSS 0.00756
Exploits: 0, References: 1

Cisco
added 2021/10/20 4:00 p.m., 80 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section o...

CVSS 6.1, AI score 5.6, EPSS 0.00596
Exploits: 0, References: 1

Cisco
added 2021/08/04 4:00 p.m., 80 views

Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an...

CVSS 7.8, AI score 8, EPSS 0.00247
Exploits: 0, References: 1

Cisco
added 2021/05/19 4:00 p.m., 80 views

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...

CVSS 4.7, AI score 6.9
Exploits: 0, References: 1

Cisco
added 2021/03/03 4:00 p.m., 80 views

Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing...

CVSS 7.4, AI score 7.5, EPSS 0.02756
Exploits: 0, References: 1

Cisco
added 2020/10/21 4:00 p.m., 80 views

Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

CVSS 8.1, AI score 8.1, EPSS 0.00932
Exploits: 0, References: 1

Cisco
added 2019/08/21 4:00 p.m., 80 views

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

CVSS 8.8, AI score 8.8, EPSS 0.03567
Exploits: 0, References: 1

Cisco
added 2019/08/21 4:00 p.m., 80 views

Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...

CVSS 8.8, AI score 8.8, EPSS 0.01369
Exploits: 0, References: 1

Cisco
added 2019/06/19 4:00 p.m., 80 views

Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability

A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacke...

CVSS 5.8, AI score 1.9, EPSS 0.01361
Exploits: 0, References: 1

Cisco
added 2019/01/09 4:00 p.m., 80 views

Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data...

CVSS 6.5, AI score 1.4, EPSS 0.01501
Exploits: 2, References: 1

Cisco
added 2018/06/06 4:00 p.m., 80 views

Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 8.1, AI score 3.1, EPSS 0.03958
Exploits: 0, References: 1

Cisco
added 2018/03/07 4:00 p.m., 80 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1, AI score 1.8, EPSS 0.01783
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000