Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
•added 2021/04/07 4:0 p.m.•72 views

Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details...

9.8CVSS8.3AI score0.01932EPSS
Exploits2References1
Cisco
Cisco
•added 2021/03/24 4:0 p.m.•72 views

Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking CSWSH attack and cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient HTTP protections in...

7.4CVSS7.2AI score0.006EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/27 4:0 p.m.•72 views

Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities

Multiple vulnerabilities in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. These vulnerabilities are due to a parsing issue on DNS packets. An attacker...

8.6CVSS2.9AI score
Exploits0References1
Cisco
Cisco
•added 2018/07/11 4:0 p.m.•72 views

Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1CVSS1.3AI score0.01783EPSS
Exploits0References1
Cisco
Cisco
•added 2018/01/31 4:0 p.m.•72 views

Cisco Aggregation Services Router 9000 Series IPv6 Fragment Header Denial of Service Vulnerability

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router ASR 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service DoS condition. The...

8.6CVSS8.6AI score0.02688EPSS
Exploits0References1
Cisco
Cisco
•added 2015/04/08 5:5 p.m.•72 views

Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability

A vulnerability in the Network Time Protocol NTP daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system. The vulnerability is due to incorrect validation of the message authentication code MAC field. An attacker could exploit thi...

4.3CVSS6.7AI score0.02219EPSS
Exploits0References1
Cisco
Cisco
•added 2013/10/23 4:0 p.m.•72 views

Multiple Vulnerabilities in Cisco Identity Services Engine

Cisco Identity Services Engine ISE contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These vulnerabilities are independent of each other; a release that is affected b...

9CVSS7.2AI score0.02291EPSS
Exploits0References1
Cisco
Cisco
•added 2008/10/22 4:0 p.m.•72 views

Multiple Vulnerabilities in Cisco PIX and Cisco ASA

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.8CVSS5.9AI score0.02945EPSS
Exploits3References1
Cisco
Cisco
•added 2002/12/19 11:0 p.m.•72 views

SSH Malformed Packet Vulnerabilities

...

10CVSS2.1AI score0.80233EPSS
Exploits6References1Affected Software5
Cisco
Cisco
•added 2023/03/22 4:0 p.m.•71 views

Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

6.5CVSS7.5AI score0.00261EPSS
Exploits0References1
Cisco
Cisco
•added 2022/08/24 4:0 p.m.•71 views

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. This vulnerability is due to...

8.8CVSS9AI score0.0037EPSS
Exploits0References1
Cisco
Cisco
•added 2021/07/07 4:0 p.m.•71 views

Cisco Business Process Automation Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation BPA could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

8.8CVSS8.7AI score0.01734EPSS
Exploits0References1
Cisco
Cisco
•added 2021/04/07 4:0 p.m.•71 views

Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details...

6.5CVSS1AI score0.00722EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/03 4:0 p.m.•71 views

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...

7.5CVSS7.9AI score
Exploits0References1
Cisco
Cisco
•added 2021/01/20 4:0 p.m.•71 views

Cisco Data Center Network Manager SQL Injection Vulnerabilities

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details "details" section of this...

8.8CVSS8.4AI score0.01901EPSS
Exploits0References1
Cisco
Cisco
•added 2020/11/18 4:0 p.m.•71 views

Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8CVSS9.6AI score0.02173EPSS
Exploits0References1
Cisco
Cisco
•added 2020/10/21 4:0 p.m.•71 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

8.6CVSS8.6AI score0.0381EPSS
Exploits0References1
Cisco
Cisco
•added 2020/09/02 4:0 p.m.•71 views

Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence...

9.9CVSS9.3AI score0.62119EPSS
Exploits0References1
Cisco
Cisco
•added 2020/08/26 4:0 p.m.•71 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service DoS condition on an affected device. The attack vector is configuration dependent and...

8.6CVSS8.5AI score0.01371EPSS
Exploits0References1
Cisco
Cisco
•added 2019/10/16 4:0 p.m.•71 views

Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...

5.2CVSS1.6AI score0.00432EPSS
Exploits0References1
Cisco
Cisco
•added 2019/01/23 2:0 p.m.•71 views

Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability

A vulnerability in the data acquisition DAQ component of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service DoS condition. The vulnerability exists because the affected software...

8.6CVSS8.6AI score0.01249EPSS
Exploits0References1
Cisco
Cisco
•added 2018/08/01 4:0 p.m.•71 views

Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service DoS condition. The vulnerability exists if the affected software is...

6.8CVSS1.9AI score0.01482EPSS
Exploits0References1
Cisco
Cisco
•added 2018/05/22 1:0 a.m.•71 views

CPU Side-Channel Information Disclosure Vulnerabilities: May 2018

On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, loca...

5.6CVSS7.2AI score0.60631EPSS
Exploits2References1
Cisco
Cisco
•added 2018/03/28 4:0 p.m.•71 views

Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability

A vulnerability in the Forwarding Information Base FIB code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service DoS condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive...

6.8CVSS3.2AI score0.01053EPSS
Exploits0References1
Cisco
Cisco
•added 2018/03/07 4:0 p.m.•71 views

Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

5.3CVSS2.9AI score0.01215EPSS
Exploits0References1
Cisco
Cisco
•added 2017/11/15 4:0 p.m.•71 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient...

6.1CVSS6.3AI score0.00868EPSS
Exploits0References1
Cisco
Cisco
•added 2017/09/09 5:0 p.m.•71 views

Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017

On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. T...

9.8CVSS9.7AI score0.8802EPSS
Exploits6References1
Cisco
Cisco
•added 2014/10/15 6:30 p.m.•71 views

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 SSLv3 protocol when using a block cipher in Cipher Block Chaining CBC mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer...

2.6CVSS4.3AI score0.99999EPSS
Exploits7References1
Cisco
Cisco
•added 2014/09/24 4:0 p.m.•71 views

Cisco IOS Software RSVP Vulnerability

A vulnerability in the implementation of the Resource Reservation Protocol RSVP in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service DoS...

7.8CVSS6.6AI score0.03023EPSS
Exploits0References1
Cisco
Cisco
•added 2010/03/24 4:0 p.m.•71 views

Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

Cisco IOS® Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session...

7.1CVSS6.7AI score0.02529EPSS
Exploits0References1
Cisco
Cisco
•added 2023/11/01 4:0 p.m.•70 views

Cisco Firepower Management Center Software Log API Denial of Service Vulnerability

A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...

7.5CVSS6.7AI score0.00669EPSS
Exploits0References1
Cisco
Cisco
•added 2021/11/03 4:0 p.m.•70 views

Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager NAM module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user...

6.7CVSS7.3AI score0.00235EPSS
Exploits0References1
Cisco
Cisco
•added 2021/10/20 4:0 p.m.•70 views

Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

4.8CVSS1.2AI score0.00573EPSS
Exploits0References1
Cisco
Cisco
•added 2021/09/22 4:0 p.m.•70 views

Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability

A vulnerability in the Voice Telephony Service Provider VTSP service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial...

5.3CVSS5.4AI score0.00974EPSS
Exploits0References1
Cisco
Cisco
•added 2021/09/01 4:0 p.m.•70 views

Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...

9.8CVSS9.8AI score0.17661EPSS
Exploits1References1
Cisco
Cisco
•added 2021/08/25 4:0 p.m.•70 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command...

6CVSS6.6AI score0.00446EPSS
Exploits0References1
Cisco
Cisco
•added 2021/08/25 4:0 p.m.•70 views

Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability

A vulnerability in the VXLAN Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific...

8.6CVSS8.4AI score0.01681EPSS
Exploits0References1
Cisco
Cisco
•added 2021/08/25 4:0 p.m.•70 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability

February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software...

8.6CVSS8.5AI score0.02453EPSS
Exploits0References1
Cisco
Cisco
•added 2021/03/24 4:0 p.m.•70 views

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...

6.6CVSS7.2AI score0.0794EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/24 4:0 p.m.•70 views

Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...

5.5CVSS5.3AI score0.00223EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/17 4:0 p.m.•70 views

Cisco StarOS Denial of Service Vulnerability

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service DoS condition. The vulnerability is due to a logic error that may occur under specific...

5.3CVSS6.3AI score0.0145EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/03 4:0 p.m.•70 views

Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details "details" section of this...

8.6CVSS8.1AI score0.01952EPSS
Exploits0References1
Cisco
Cisco
•added 2021/01/20 4:0 p.m.•70 views

Cisco DNA Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...

7.1CVSS9AI score0.00836EPSS
Exploits0References1
Cisco
Cisco
•added 2019/08/21 4:0 p.m.•70 views

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the Intelligent Platform Management Interface IPMI implementation of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the...

7.5CVSS7.4AI score0.01997EPSS
Exploits0References1
Cisco
Cisco
•added 2019/08/21 4:0 p.m.•70 views

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a...

8.6CVSS1.1AI score0.02046EPSS
Exploits0References1
Cisco
Cisco
•added 2019/08/21 4:0 p.m.•70 views

Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of...

7.5CVSS1.7AI score0.01904EPSS
Exploits0References1
Cisco
Cisco
•added 2019/05/15 4:0 p.m.•70 views

Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

Update from August 25, 2021: Cisco found that this vulnerability was present in additional releases of Cisco NX-OS Software with the introduction of Python 3 support. For more information, see the Fixed Software "fs" section of this advisory. A vulnerability in the Python scripting subsystem of...

4.2CVSS2.6AI score0.00552EPSS
Exploits0References1
Cisco
Cisco
•added 2018/07/11 4:0 p.m.•70 views

Cisco FireSIGHT System Software File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly...

5.8CVSS1.2AI score0.03026EPSS
Exploits0References1
Cisco
Cisco
•added 2018/02/21 4:0 p.m.•70 views

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

A vulnerability in the Interactive Voice Response IVR management connection interface for Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service DoS condition. The vulnerability is...

8.6CVSS1.4AI score0.0232EPSS
Exploits0References1
Cisco
Cisco
•added 2017/10/04 4:0 p.m.•70 views

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
Total number of security vulnerabilities5000