Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
added 2023/06/07 4:0 p.m.70 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to relo...

8.6CVSS8AI score0.00919EPSS
Exploits0References1
Cisco
Cisco
added 2023/03/22 4:0 p.m.70 views

Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

6.5CVSS7.5AI score0.00261EPSS
Exploits0References1
Cisco
Cisco
added 2021/10/20 4:0 p.m.70 views

Cisco Integrated Management Controller GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...

5.3CVSS6.3AI score0.01233EPSS
Exploits0References1
Cisco
Cisco
added 2021/09/22 4:0 p.m.70 views

Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability

A vulnerability in the Voice Telephony Service Provider VTSP service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial...

5.3CVSS5.4AI score0.00974EPSS
Exploits0References1
Cisco
Cisco
added 2021/09/01 4:0 p.m.70 views

Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...

9.8CVSS9.8AI score0.17661EPSS
Exploits1References1
Cisco
Cisco
added 2021/08/25 4:0 p.m.70 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command...

6CVSS6.6AI score0.00446EPSS
Exploits0References1
Cisco
Cisco
added 2021/08/25 4:0 p.m.70 views

Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability

A vulnerability in the VXLAN Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific...

8.6CVSS8.4AI score0.01681EPSS
Exploits0References1
Cisco
Cisco
added 2021/08/25 4:0 p.m.70 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability

February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software...

8.6CVSS8.5AI score0.02453EPSS
Exploits0References1
Cisco
Cisco
added 2021/03/24 4:0 p.m.70 views

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...

6.6CVSS7.2AI score0.0794EPSS
Exploits0References1
Cisco
Cisco
added 2021/02/17 4:0 p.m.70 views

Cisco StarOS Denial of Service Vulnerability

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service DoS condition. The vulnerability is due to a logic error that may occur under specific...

5.3CVSS6.3AI score0.0145EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/20 4:0 p.m.70 views

Cisco DNA Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...

7.1CVSS9AI score0.00836EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/20 4:0 p.m.70 views

Cisco SD-WAN vManage SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...

6.5CVSS8.5AI score0.01391EPSS
Exploits0References1
Cisco
Cisco
added 2020/10/21 4:0 p.m.70 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

8.6CVSS8.6AI score0.0381EPSS
Exploits0References1
Cisco
Cisco
added 2019/10/16 4:0 p.m.70 views

Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected...

6.1CVSS1.5AI score0.00801EPSS
Exploits0References1
Cisco
Cisco
added 2019/08/21 4:0 p.m.70 views

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the Intelligent Platform Management Interface IPMI implementation of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the...

7.5CVSS7.4AI score0.01997EPSS
Exploits0References1
Cisco
Cisco
added 2019/08/21 4:0 p.m.70 views

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a...

8.6CVSS1.1AI score0.02046EPSS
Exploits0References1
Cisco
Cisco
added 2019/08/21 4:0 p.m.70 views

Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of...

7.5CVSS1.7AI score0.01904EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.70 views

Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

Update from August 25, 2021: Cisco found that this vulnerability was present in additional releases of Cisco NX-OS Software with the introduction of Python 3 support. For more information, see the Fixed Software "fs" section of this advisory. A vulnerability in the Python scripting subsystem of...

4.2CVSS2.6AI score0.00552EPSS
Exploits0References1
Cisco
Cisco
added 2019/03/13 4:0 p.m.70 views

Cisco Common Services Platform Collector Static Credential Vulnerability

A vulnerability in the Cisco Common Services Platform Collector CSPC could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the...

9.8CVSS2.8AI score0.05817EPSS
Exploits0References1
Cisco
Cisco
added 2018/08/15 4:0 p.m.70 views

Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services LPTS feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of input and...

5.8CVSS2.4AI score0.03964EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/11 4:0 p.m.70 views

Cisco FireSIGHT System Software File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly...

5.8CVSS1.2AI score0.03026EPSS
Exploits0References1
Cisco
Cisco
added 2018/03/07 4:0 p.m.70 views

Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

5.3CVSS2.9AI score0.01215EPSS
Exploits0References1
Cisco
Cisco
added 2018/02/21 4:0 p.m.70 views

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

A vulnerability in the Interactive Voice Response IVR management connection interface for Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service DoS condition. The vulnerability is...

8.6CVSS1.4AI score0.0232EPSS
Exploits0References1
Cisco
Cisco
added 2017/07/19 4:0 p.m.70 views

Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. The vulnerability is due...

6.7CVSS7AI score0.00818EPSS
Exploits0References1
Cisco
Cisco
added 2014/10/15 6:30 p.m.70 views

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 SSLv3 protocol when using a block cipher in Cipher Block Chaining CBC mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer...

2.6CVSS4.3AI score0.99999EPSS
Exploits7References1
Cisco
Cisco
added 2014/06/05 10:40 p.m.70 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service DoS condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSS...

10CVSS7.8AI score
Exploits0References1
Cisco
Cisco
added 2010/03/24 4:0 p.m.70 views

Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

Cisco IOS® Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session...

7.1CVSS6.7AI score0.02529EPSS
Exploits0References1
Cisco
Cisco
added 2004/03/17 1:0 p.m.70 views

Cisco OpenSSL Implementation Vulnerability

...

5CVSS2.5AI score0.10424EPSS
Exploits0References1Affected Software10
Cisco
Cisco
added 2023/11/01 4:0 p.m.69 views

Cisco Firepower Management Center Software Log API Denial of Service Vulnerability

A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...

7.5CVSS6.7AI score0.00669EPSS
Exploits0References1
Cisco
Cisco
added 2023/03/22 4:0 p.m.69 views

Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability

A vulnerability in the IPv6 DHCP version 6 DHCPv6 relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...

8.6CVSS7.7AI score0.00951EPSS
Exploits0References1
Cisco
Cisco
added 2022/04/27 4:0 p.m.69 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

7.4CVSS7.2AI score0.00425EPSS
Exploits0References1
Cisco
Cisco
added 2021/08/25 4:0 p.m.69 views

Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller APIC or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see t...

6.5CVSS7.4AI score0.01779EPSS
Exploits0References1
Cisco
Cisco
added 2021/06/02 4:0 p.m.69 views

Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker...

5CVSS1.2AI score0.00825EPSS
Exploits0References1
Cisco
Cisco
added 2021/06/02 4:0 p.m.69 views

Cisco Common Services Platform Collector Command Injection Vulnerability

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by...

4.7CVSS2.2AI score0.01814EPSS
Exploits0References1
Cisco
Cisco
added 2021/05/05 4:0 p.m.69 views

Cisco Integrated Management Controller Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An...

4.7CVSS5.4AI score0.00831EPSS
Exploits0References1
Cisco
Cisco
added 2021/04/28 4:0 p.m.69 views

Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability

A vulnerability in filesystem usage management for Cisco Firepower Device Manager FDM Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service DoS condition on an affected device. This vulnerability is due to the insufficient...

4.9CVSS5.8AI score0.01184EPSS
Exploits0References1
Cisco
Cisco
added 2021/03/24 4:0 p.m.69 views

Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...

4.4CVSS5.3AI score0.0023EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/20 4:0 p.m.69 views

Cisco Data Center Network Manager Certificate Validation Vulnerabilities

Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

7.5CVSS7.1AI score0.00875EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/13 4:0 p.m.69 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. The vulnerabilities are due to insufficient...

4.8CVSS1.8AI score
Exploits0References1
Cisco
Cisco
added 2020/10/21 4:0 p.m.69 views

Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Firepower Chassis Manager FCM of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM...

8.8CVSS8.8AI score0.0055EPSS
Exploits0References1
Cisco
Cisco
added 2019/11/20 4:0 p.m.69 views

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell SSH of Cisco IOS XR Software may allow connections despite an access control list ACL that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...

5.3CVSS1.5AI score0.00727EPSS
Exploits0References1
Cisco
Cisco
added 2019/08/21 4:0 p.m.69 views

Cisco RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

4.1CVSS3.1AI score0.00262EPSS
Exploits0References1
Cisco
Cisco
added 2019/03/27 4:0 p.m.69 views

Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

8.6CVSS1.5AI score0.02764EPSS
Exploits0References1
Cisco
Cisco
added 2019/03/06 4:0 p.m.69 views

Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...

5.4CVSS1.5AI score0.00876EPSS
Exploits0References1
Cisco
Cisco
added 2019/03/06 4:0 p.m.69 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

4.2CVSS2.2AI score0.00894EPSS
Exploits1References1
Cisco
Cisco
added 2019/02/06 4:0 p.m.69 views

Cisco Webex Meetings Online Content Injection Vulnerability

A vulnerability in Cisco Webex Meetings Online could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious...

4.3CVSS4.8AI score0.01412EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/18 4:0 p.m.69 views

Cisco Webex DOM-Based Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...

6.1CVSS6AI score0.01012EPSS
Exploits0References1
Cisco
Cisco
added 2017/10/04 4:0 p.m.69 views

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...

4.7CVSS6.3AI score0.01686EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/05 4:0 p.m.69 views

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to...

4.4CVSS5.5AI score0.00804EPSS
Exploits0References1
Cisco
Cisco
added 2013/10/25 2:16 p.m.69 views

Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability

A vulnerability in the Service Module for Cisco Catalyst 3750-X Series Switches could allow an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module. The vulnerability is due to default credentials on the Cisco Service Module. An attacker could exploi...

6.8CVSS2.4AI score0.00349EPSS
Exploits0References1
Total number of security vulnerabilities5000