
5226 matches found

Cisco • added 2021/10/20 4:0 p.m. • 67 views

Cisco Integrated Management Controller GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...

CVSS 5.3 • AI score 6.3 • EPSS 0.01233
Exploits: 0 • References: 1
Cisco • added 2021/08/18 4:0 p.m. • 67 views

Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of memory...

CVSS 6.5 • AI score 6.7 • EPSS 0.00381
Exploits: 0 • References: 1
Cisco • added 2021/07/07 4:0 p.m. • 67 views

Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

CVSS 6.1 • AI score 6 • EPSS 0.00813
Exploits: 0 • References: 1
Cisco • added 2021/04/28 4:0 p.m. • 67 views

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to...

CVSS 7.8 • AI score 7.9 • EPSS 0.00302
Exploits: 0 • References: 1
Cisco • added 2021/03/17 4:0 p.m. • 67 views

Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The...

CVSS 7.2 • AI score 7.3 • EPSS 0.022
Exploits: 0 • References: 1
Cisco • added 2021/02/24 4:0 p.m. • 67 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This...

CVSS 8.6 • AI score 7.8 • EPSS 0.01476
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 67 views

Cisco Smart Software Manager Satellite Static Credential Vulnerability

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...

CVSS 7.8 • AI score 1.6 • EPSS 0.00256
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 67 views

Cisco DNA Center Command Runner Command Injection Vulnerability

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing craft...

CVSS 9.6 • AI score 9.2 • EPSS 0.03725
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 67 views

Cisco Data Center Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more...

CVSS 6.5 • AI score 5.9 • EPSS 0.0094
Exploits: 0 • References: 1
Cisco • added 2019/11/06 4:0 p.m. • 67 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability exists because affected devices...

CVSS 9.8 • AI score 2.5 • EPSS 0.03286
Exploits: 1 • References: 1
Cisco • added 2019/10/16 4:0 p.m. • 67 views

Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validati...

CVSS 5.4 • AI score 1.8 • EPSS 0.00633
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:0 p.m. • 67 views

Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 4.8 • AI score 1.2 • EPSS 0.00804
Exploits: 0 • References: 1
Cisco • added 2019/03/27 4:0 p.m. • 67 views

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...

CVSS 4.4 • AI score 1 • EPSS 0.00232
Exploits: 0 • References: 1
Cisco • added 2018/09/26 4:0 p.m. • 67 views

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities

Multiple vulnerabilities in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerabilities ar...

CVSS 6.7 • AI score 2.7
Exploits: 0 • References: 1
Cisco • added 2018/09/05 4:0 p.m. • 67 views

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking...

CVSS 5.3 • AI score 2.7 • EPSS 0.02276
Exploits: 0 • References: 1
Cisco • added 2018/06/06 4:0 p.m. • 67 views

Cisco FireSIGHT System VPN Policy Bypass Vulnerability

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

CVSS 5.8 • AI score 1.2 • EPSS 0.01924
Exploits: 0 • References: 1
Cisco • added 2023/03/01 4:0 p.m. • 66 views

Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerabilit...

CVSS 5.3 • AI score 6.4 • EPSS 0.00795
Exploits: 0 • References: 1
Cisco • added 2023/01/11 4:0 p.m. • 66 views

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploi...

CVSS 8.6 • AI score 7.2 • EPSS 0.00613
Exploits: 0 • References: 1
Cisco • added 2022/02/23 4:0 p.m. • 66 views

Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error ...

CVSS 8.6 • AI score 7.8 • EPSS 0.12345
Exploits: 0 • References: 1
Cisco • added 2021/08/25 4:0 p.m. • 66 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper acces...

CVSS 4.4 • AI score 5.1 • EPSS 0.00222
Exploits: 0 • References: 1
Cisco • added 2021/06/16 4:0 p.m. • 66 views

Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is...

CVSS 7 • AI score 7 • EPSS 0.00178
Exploits: 0 • References: 1
Cisco • added 2021/02/17 4:0 p.m. • 66 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

CVSS 6.1 • AI score 6 • EPSS 0.00784
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 66 views

Cisco Smart Software Manager Satellite SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

CVSS 6.8 • AI score 1.1 • EPSS 0.01247
Exploits: 0 • References: 1
Cisco • added 2021/01/13 4:0 p.m. • 66 views

Cisco Jabber and Webex Client Software Shared File Manipulation Vulnerability

A vulnerability in Cisco Jabber and Cisco Webex (formerly Teams) could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerabili...

CVSS 4.3 • AI score 4.8 • EPSS 0.01352
Exploits: 0 • References: 1
Cisco • added 2019/11/06 4:0 p.m. • 66 views

Cisco Web Security Appliance Unauthorized Device Reset Vulnerability

A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific UR...

CVSS 8.8 • AI score 1.4 • EPSS 0.00981
Exploits: 0 • References: 1
Cisco • added 2019/08/28 4:0 p.m. • 66 views

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

CVSS 7.8 • AI score 1.8 • EPSS 0.00352
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:0 p.m. • 66 views

Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

CVSS 6.5 • AI score 1.8 • EPSS 0.01443
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:0 p.m. • 66 views

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web...

CVSS 8.1 • AI score 3.6 • EPSS 0.03578
Exploits: 0 • References: 1
Cisco • added 2019/02/06 4:0 p.m. • 66 views

Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient inpu...

CVSS 6.1 • AI score 1.5 • EPSS 0.01211
Exploits: 0 • References: 1
Cisco • added 2019/01/09 4:0 p.m. • 66 views

Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...

CVSS 5.4 • AI score 1.3 • EPSS 0.00876
Exploits: 0 • References: 1
Cisco • added 2018/09/05 4:0 p.m. • 66 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 • AI score 1.4 • EPSS 0.01783
Exploits: 0 • References: 1
Cisco • added 2018/08/15 4:0 p.m. • 66 views

Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and...

CVSS 5.8 • AI score 2.4 • EPSS 0.03964
Exploits: 0 • References: 1
Cisco • added 2018/07/18 4:0 p.m. • 66 views

Cisco Webex DOM-Based Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVSS 6.1 • AI score 6 • EPSS 0.01012
Exploits: 0 • References: 1
Cisco • added 2018/07/18 4:0 p.m. • 66 views

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient...

CVSS 4.7 • AI score 3 • EPSS 0.02048
Exploits: 0 • References: 1
Cisco • added 2018/03/07 4:0 p.m. • 66 views

Cisco Videoscape AnyRes Live Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...

CVSS 5.4 • AI score 1.6 • EPSS 0.00678
Exploits: 0 • References: 1
Cisco • added 2018/01/31 4:0 p.m. • 66 views

Cisco Aggregation Services Router 9000 Series IPv6 Fragment Header Denial of Service Vulnerability

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The...

CVSS 8.6 • AI score 8.6 • EPSS 0.02688
Exploits: 0 • References: 1
Cisco • added 2017/11/15 4:0 p.m. • 66 views

Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade or Prim...

CVSS 9.8 • AI score 9.6 • EPSS 0.06435
Exploits: 0 • References: 1
Cisco • added 2014/12/22 4:0 p.m. • 66 views

Multiple Vulnerabilities in ntpd Affecting Cisco Products

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and...

CVSS 6.8 • AI score 9 • EPSS 0.7809
Exploits: 4 • References: 1
Cisco • added 2011/09/28 4:0 p.m. • 66 views

Cisco IOS Software IPv6 Denial of Service Vulnerability

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 operation enabled. The vulnerability is triggered when an affected device processes a...

CVSS 7.8 • AI score 6.5 • EPSS 0.01785
Exploits: 0 • References: 1
Cisco • added 2002/04/15 6:0 p.m. • 66 views

Microsoft IIS Vulnerabilities in Cisco Products - MS02-018

...

CVSS 7.5 • AI score 2.3 • EPSS 0.77341
Exploits: 9 • References: 1 • Affected Software: 3
Cisco • added 2001/06/27 3:0 p.m. • 66 views

IOS HTTP Authorization Vulnerability

...

CVSS 9.3 • AI score 0.8 • EPSS 0.6845
Exploits: 8 • References: 1
Cisco • added 2023/02/22 4:0 p.m. • 65 views

Cisco NX-OS Software SSH X.509v3 Certificate Authentication with Unsupported Remote Authorization Method Privilege Escalation Issues

For certain products that are running Cisco NX-OS Software and are configured for SSH authentication with an X.509 version 3 (X.509v3) certificate, two remote authorization methods are unsupported and could allow for privilege escalation: TACACS+ and certain configurations of Lightweight Directory...

AI score 7.4
Exploits: 0 • References: 1
Cisco • added 2022/04/27 4:0 p.m. • 65 views

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 5.4 • AI score 5.4
Exploits: 0 • References: 1
Cisco • added 2022/04/27 4:0 p.m. • 65 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

CVSS 7.4 • AI score 7.2 • EPSS 0.00425
Exploits: 0 • References: 1
Cisco • added 2021/10/27 4:0 p.m. • 65 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This...

CVSS 8.6 • AI score 7.8 • EPSS 0.0155
Exploits: 0 • References: 1
Cisco • added 2021/09/22 4:0 p.m. • 65 views

Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This...

CVSS 8.6 • AI score 8.4 • EPSS 0.01285
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:0 p.m. • 65 views

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...

CVSS 4.4 • AI score 1.4 • EPSS 0.0023
Exploits: 0 • References: 1
Cisco • added 2021/03/03 4:0 p.m. • 65 views

Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are...

CVSS 6.5 • AI score 6.9 • EPSS 0.00315
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 65 views

Cisco SD-WAN Buffer Overflow Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address...

CVSS 9.8 • AI score 9.6 • EPSS 0.02132
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:0 p.m. • 65 views

Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...

CVSS 7.8 • AI score 7.5 • EPSS 0.00443
Exploits: 0 • References: 1
Total number of security vulnerabilities: 5000