Cisco | Most viewed

5226 matches found

Cisco
added 2018/04/18 4:0 p.m. | 76 views

Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an...

CVSS 6.1 | AI score 6 | EPSS 0.0189
Exploits: 0 | References: 1

Cisco
added 2016/10/26 3:0 p.m. | 76 views

Vulnerability in Linux Kernel Affecting Cisco Products: October 2016

On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has...

CVSS 6.9 | AI score 7.3 | EPSS 0.83524
Exploits: 81 | References: 1

Cisco
added 2015/12/04 5:38 p.m. | 76 views

Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products

On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS)...

AI score 7.3
Exploits: 0 | References: 1

Cisco
added 2014/10/06 2:21 p.m. | 76 views

Cisco ASA Software Version Information Disclosure Vulnerability

A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...

CVSS 5 | AI score 6.2 | EPSS 0.01998
Exploits: 0 | References: 1

Cisco
added 2022/06/22 4:0 p.m. | 75 views

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...

CVSS 9.1 | AI score 7.8 | EPSS 0.03206
Exploits: 1 | References: 1

Cisco
added 2021/05/05 4:0 p.m. | 75 views

Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For...

CVSS 9.8 | AI score 9 | EPSS 0.02065
Exploits: 0 | References: 1

Cisco
added 2020/06/03 4:0 p.m. | 75 views

Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is return...

CVSS 6.3 | AI score 2.2 | EPSS 0.01028
Exploits: 0 | References: 1

Cisco
added 2019/08/21 4:0 p.m. | 75 views

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

CVSS 8.8 | AI score 9.1 | EPSS 0.02629
Exploits: 0 | References: 1

Cisco
added 2019/08/21 4:0 p.m. | 75 views

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could...

CVSS 5.8 | AI score 5.9 | EPSS 0.01153
Exploits: 0 | References: 1

Cisco
added 2019/02/06 4:0 p.m. | 75 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

CVSS 6.1 | AI score 6 | EPSS 0.01211
Exploits: 0 | References: 1

Cisco
added 2018/08/01 4:0 p.m. | 75 views

Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model–based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an...

CVSS 6.1 | AI score 6 | EPSS 0.01783
Exploits: 0 | References: 1

Cisco
added 2018/06/20 4:0 p.m. | 75 views

Cisco Firepower Management Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 5.3 | AI score 8.8 | EPSS 0.00949
Exploits: 0 | References: 1

Cisco
added 2018/06/06 4:0 p.m. | 75 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...

CVSS 4.8 | AI score 2 | EPSS 0.01255
Exploits: 0 | References: 1

Cisco
added 2018/03/07 4:0 p.m. | 75 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 1.8 | EPSS 0.01783
Exploits: 0 | References: 1

Cisco
added 2017/10/18 4:0 p.m. | 75 views

Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...

CVSS 8.6 | AI score 8.7 | EPSS 0.0445
Exploits: 0 | References: 1

Cisco
added 2016/02/02 8:43 p.m. | 75 views

Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.3 | AI score 6.1 | EPSS 0.01009
Exploits: 0 | References: 1

Cisco
added 2023/02/22 4:0 p.m. | 74 views

Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system...

CVSS 8.8 | AI score 9 | EPSS 0.00362
Exploits: 0 | References: 1

Cisco
added 2022/08/03 4:0 p.m. | 74 views

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the...

CVSS 9.8 | AI score 9.7 | EPSS 0.02877
Exploits: 0 | References: 1

Cisco
added 2021/10/27 4:0 p.m. | 74 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This...

CVSS 8.6 | AI score 8.4 | EPSS 0.00649
Exploits: 0 | References: 1

Cisco
added 2021/10/06 4:0 p.m. | 74 views

Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly; Cause LLDP database...

CVSS 8.8 | AI score 5.4 | EPSS 0.00504
Exploits: 0 | References: 1

Cisco
added 2021/03/03 4:0 p.m. | 74 views

Cisco SD-WAN vManage SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...

CVSS 4.9 | AI score 5.7 | EPSS 0.01041
Exploits: 0 | References: 1

Cisco
added 2019/09/04 4:0 p.m. | 74 views

Cisco Webex Teams Logging Feature Command Execution Vulnerability

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

CVSS 7.5 | AI score 1.8 | EPSS 0.04729
Exploits: 0 | References: 1

Cisco
added 2019/08/21 4:0 p.m. | 74 views

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...

CVSS 6.5 | AI score 7.1 | EPSS 0.01703
Exploits: 0 | References: 1

Cisco
added 2019/08/21 4:0 p.m. | 74 views

Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...

CVSS 4.3 | AI score 1.1 | EPSS 0.012
Exploits: 0 | References: 1

Cisco
added 2019/05/15 4:0 p.m. | 74 views

Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition o...

CVSS 7.4 | AI score 1.7 | EPSS 0.00605
Exploits: 0 | References: 1

Cisco
added 2019/03/06 4:0 p.m. | 74 views

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers...

CVSS 6.7 | AI score 6.9 | EPSS 0.00375
Exploits: 0 | References: 1

Cisco
added 2019/02/20 4:0 p.m. | 74 views

Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted request...

CVSS 5.3 | AI score 1.6 | EPSS 0.02208
Exploits: 0 | References: 1

Cisco
added 2018/08/01 4:0 p.m. | 74 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 5.4 | AI score 2.6 | EPSS 0.01231
Exploits: 0 | References: 1

Cisco
added 2018/07/11 4:0 p.m. | 74 views

Cisco Firepower System Software SSL Denial of Service Vulnerability

A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due t...

CVSS 5.3 | AI score 7.8 | EPSS 0.02333
Exploits: 0 | References: 1

Cisco
added 2018/03/28 4:0 p.m. | 74 views

Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...

CVSS 8.6 | AI score 1.3 | EPSS 0.07613
Exploits: 0 | References: 1

Cisco
added 2018/03/07 4:0 p.m. | 74 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 6.3 | AI score 2.6 | EPSS 0.00875
Exploits: 0 | References: 1

Cisco
added 2017/07/26 4:0 p.m. | 74 views

Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an unknown...

CVSS 7.4 | AI score 6.4 | EPSS 0.02135
Exploits: 0 | References: 1

Cisco
added 2015/08/12 6:5 p.m. | 74 views

Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability

A vulnerability in the Unicast Reverse Path Forwarding (uRPF) feature in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to bypass the uRPF validation checks. The vulnerability is due to incorrect uRPF validation where IP packets from an outside interface,...

CVSS 5 | AI score 6.5 | EPSS 0.01733
Exploits: 0 | References: 1

Cisco
added 2024/05/22 4:0 p.m. | 73 views

Cisco Firepower Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

CVSS 8.8 | AI score 9.2 | EPSS 0.00836
Exploits: 0 | References: 1

Cisco
added 2022/09/27 4:0 p.m. | 73 views

Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022

On September 27, 2022, the following vulnerabilities affecting Cisco products were disclosed by Cert/CC as part of VU855201, titled "L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers" (https://kb.cert.org/vuls/id/855201): CVE-2021-27853: Layer 2 network filteri...

CVSS 4.7 | AI score 5 | EPSS 0.0069
Exploits: 1 | References: 1

Cisco
added 2021/10/20 4:0 p.m. | 73 views

Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...

CVSS 7.8 | AI score 7.8 | EPSS 0.00297
Exploits: 0 | References: 1

Cisco
added 2021/06/02 4:0 p.m. | 73 views

Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted ...

CVSS 7.8 | AI score 7.8 | EPSS 0.01081
Exploits: 0 | References: 1

Cisco
added 2021/06/02 4:0 p.m. | 73 views

Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

CVSS 7.8 | AI score 7.6 | EPSS 0.00248
Exploits: 0 | References: 1

Cisco
added 2021/04/28 4:0 p.m. | 73 views

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVSS 4.8 | AI score 5.1
Exploits: 0 | References: 1

Cisco
added 2021/04/07 4:0 p.m. | 73 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These...

CVSS 6.3 | AI score 6.8 | EPSS 0.01612
Exploits: 1 | References: 1

Cisco
added 2021/03/24 4:0 p.m. | 73 views

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an...

CVSS 4.8 | AI score 5 | EPSS 0.00638
Exploits: 0 | References: 1

Cisco
added 2019/11/12 1:15 p.m. | 73 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...

CVSS 7.2 | AI score 7.4 | EPSS 0.04122
Exploits: 0 | References: 1

Cisco
added 2019/11/06 4:0 p.m. | 73 views

Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this...

CVSS 4.7 | AI score 0.6 | EPSS 0.0081
Exploits: 0 | References: 1

Cisco
added 2019/08/21 4:0 p.m. | 73 views

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to...

CVSS 7.2 | AI score 7.3 | EPSS 0.02815
Exploits: 0 | References: 1

Cisco
added 2019/05/01 4:0 p.m. | 73 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...

CVSS 9.8 | AI score 2.1 | EPSS 0.0348
Exploits: 0 | References: 1

Cisco
added 2019/02/06 4:0 p.m. | 73 views

Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...

CVSS 5 | AI score 0.6 | EPSS 0.00392
Exploits: 0 | References: 1

Cisco
added 2018/09/26 4:0 p.m. | 73 views

Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient...

CVSS 6.7 | AI score 2.9 | EPSS 0.00396
Exploits: 0 | References: 1

Cisco
added 2018/08/01 4:0 p.m. | 73 views

Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 5.4 | AI score 2.4 | EPSS 0.00678
Exploits: 0 | References: 1

Cisco
added 2018/04/18 4:0 p.m. | 74 views

Cisco MATE Collector Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...

CVSS 5.3 | AI score 2.5 | EPSS 0.0071
Exploits: 0 | References: 1

Cisco
added 2018/03/07 4:0 p.m. | 73 views

Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI...

CVSS 4.4 | AI score 2.4 | EPSS 0.004
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000