
5226 matches found

Cisco
added 2022/04/27 4:0 p.m. | 65 views

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 1

Cisco
added 2021/10/27 4:0 p.m. | 65 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This...

CVSS 8.6 | AI score 7.8 | EPSS 0.0155
Exploits: 0 | References: 1

Cisco
added 2021/09/22 4:0 p.m. | 65 views

Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This...

CVSS 8.6 | AI score 8.4 | EPSS 0.01285
Exploits: 0 | References: 1

Cisco
added 2021/03/24 4:0 p.m. | 65 views

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...

CVSS 4.4 | AI score 1.4 | EPSS 0.0023
Exploits: 0 | References: 1

Cisco
added 2021/03/03 4:0 p.m. | 65 views

Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are...

CVSS 6.5 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 1

Cisco
added 2021/01/20 4:0 p.m. | 65 views

Cisco SD-WAN Buffer Overflow Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address...

CVSS 9.8 | AI score 9.6 | EPSS 0.02132
Exploits: 0 | References: 1

Cisco
added 2021/01/20 4:0 p.m. | 65 views

Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...

CVSS 7.8 | AI score 7.5 | EPSS 0.00443
Exploits: 0 | References: 1

Cisco
added 2021/01/13 4:0 p.m. | 65 views

Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

CVSS 7.8 | AI score 1 | EPSS 0.00395
Exploits: 0 | References: 1

Cisco
added 2019/11/06 4:0 p.m. | 65 views

Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 | AI score 1.9 | EPSS 0.00288
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 65 views

Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

CVSS 6.1 | AI score 1.5 | EPSS 0.00801
Exploits: 0 | References: 1

Cisco
added 2019/08/07 4:0 p.m. | 65 views

Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors...

CVSS 5.8 | AI score 6.7 | EPSS 0.01493
Exploits: 0 | References: 1

Cisco
added 2018/08/01 4:0 p.m. | 65 views

Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 5.4 | AI score 1.5 | EPSS 0.00678
Exploits: 0 | References: 1

Cisco
added 2018/07/18 4:0 p.m. | 65 views

Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to...

CVSS 6.1 | AI score 1.3 | EPSS 0.0178
Exploits: 0 | References: 1

Cisco
added 2018/07/18 4:0 p.m. | 65 views

Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...

CVSS 5.5 | AI score 1.6 | EPSS 0.01301
Exploits: 0 | References: 1

Cisco
added 2018/07/18 4:0 p.m. | 65 views

Cisco SD-WAN Solution Remote Code Execution Vulnerability

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient...

CVSS 6.3 | AI score 3.3 | EPSS 0.01964
Exploits: 0 | References: 1

Cisco
added 2018/04/18 4:0 p.m. | 65 views

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block (SMB) protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...

CVSS 5.8 | AI score 5.8 | EPSS 0.01229
Exploits: 0 | References: 1

Cisco
added 2018/03/28 4:0 p.m. | 65 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is...

CVSS 8.6 | AI score 2.5 | EPSS 0.06874
Exploits: 0 | References: 1

Cisco
added 2018/03/07 4:0 p.m. | 65 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

CVSS 5.4 | AI score 1.9 | EPSS 0.00835
Exploits: 0 | References: 1

Cisco
added 2018/02/21 4:0 p.m. | 65 views

Multiple Cisco Unified Communications Products Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Emergency Responder and Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

CVSS 6.1 | AI score 1.6 | EPSS 0.01244
Exploits: 0 | References: 1

Cisco
added 2017/11/15 4:0 p.m. | 65 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient...

CVSS 6.1 | AI score 6.3 | EPSS 0.00868
Exploits: 0 | References: 1

Cisco
added 2016/09/28 4:0 p.m. | 65 views

Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first...

CVSS 7.8 | AI score 7.7
Exploits: 0 | References: 1

Cisco
added 2016/01/20 4:0 p.m. | 66 views

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is...

CVSS 10 | AI score 9.8 | EPSS 0.08684
Exploits: 2 | References: 1

Cisco
added 2013/08/01 4:0 p.m. | 65 views

OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table,...

CVSS 5.8 | AI score 5.5 | EPSS 0.02206
Exploits: 0 | References: 1

Cisco
added 2008/10/22 4:0 p.m. | 65 views

Multiple Vulnerabilities in Cisco PIX and Cisco ASA

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVSS 7.8 | AI score 5.9 | EPSS 0.02945
Exploits: 3 | References: 1

Cisco
added 2021/06/02 4:0 p.m. | 64 views

Cisco ThousandEyes Recorder Information Disclosure Vulnerability

A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the...

CVSS 6.2 | AI score 0.3 | EPSS 0.00208
Exploits: 0 | References: 1

Cisco
added 2021/05/05 4:0 p.m. | 64 views

Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability

A vulnerability in the Java Management Extensions (JMX) component of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An...

CVSS 5.3 | AI score 1.5 | EPSS 0.01015
Exploits: 0 | References: 1

Cisco
added 2021/04/07 4:0 p.m. | 64 views

Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...

CVSS 4.3 | AI score 4.4 | EPSS 0.00615
Exploits: 0 | References: 1

Cisco
added 2021/03/24 4:0 p.m. | 64 views

Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...

CVSS 6.7 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 1

Cisco
added 2021/03/24 4:0 p.m. | 64 views

Cisco IOx Application Environment Path Traversal Vulnerability

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

CVSS 6.5 | AI score 6.7 | EPSS 0.02671
Exploits: 1 | References: 1

Cisco
added 2021/03/24 4:0 p.m. | 64 views

Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...

CVSS 7.3 | AI score 7.3 | EPSS 0.0034
Exploits: 0 | References: 1

Cisco
added 2019/11/06 4:0 p.m. | 64 views

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

CVSS 8.8 | AI score 2.2 | EPSS 0.01746
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 64 views

Cisco Wireless LAN Controller Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...

CVSS 4.4 | AI score 1.4 | EPSS 0.0065
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 64 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have...

CVSS 4.8 | AI score 1.9 | EPSS 0.00622
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 64 views

Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An...

CVSS 6.5 | AI score 1.7 | EPSS 0.01088
Exploits: 0 | References: 1

Cisco
added 2019/08/07 4:0 p.m. | 64 views

Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

CVSS 6.7 | AI score 3.6 | EPSS 0.00499
Exploits: 0 | References: 1

Cisco
added 2019/08/07 4:0 p.m. | 64 views

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an...

CVSS 9.8 | AI score 1.5 | EPSS 0.02285
Exploits: 0 | References: 1

Cisco
added 2019/05/15 4:0 p.m. | 64 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of...

CVSS 6.7 | AI score 2.9 | EPSS 0.00543
Exploits: 0 | References: 1

Cisco
added 2019/05/01 4:0 p.m. | 64 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

CVSS 7.8 | AI score 8 | EPSS 0.00352
Exploits: 0 | References: 1

Cisco
added 2019/03/27 4:0 p.m. | 64 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability b...

CVSS 8.8 | AI score 2.8 | EPSS 0.00446
Exploits: 0 | References: 1

Cisco
added 2019/02/12 4:0 p.m. | 64 views

Cisco Network Assurance Engine CLI Access with Default Password Vulnerability

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...

CVSS 7.7 | AI score 1.7 | EPSS 0.0029
Exploits: 0 | References: 1

Cisco
added 2019/02/06 4:0 p.m. | 64 views

Cisco TelePresence Management Suite Web Services

Cisco TelePresence Management Suite (TMS) software implements a Simple Object Access Protocol (SOAP) interface that by design allows unauthenticated access to web services designed to provide management features to devices. At first publication of the advisory, the management feature was not document...

AI score 1.2
Exploits: 0 | References: 1

Cisco
added 2019/02/06 4:0 p.m. | 64 views

Cisco Aironet Active Sensor Static Credentials Vulnerability

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

CVSS 7.5 | AI score 2.6 | EPSS 0.02589
Exploits: 0 | References: 1

Cisco
added 2018/08/01 4:0 p.m. | 64 views

Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVSS 6.1 | AI score 1.4 | EPSS 0.01783
Exploits: 0 | References: 1

Cisco
added 2018/02/21 4:0 p.m. | 64 views

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is...

CVSS 8.6 | AI score 1.4 | EPSS 0.0232
Exploits: 0 | References: 1

Cisco
added 2017/11/15 4:0 p.m. | 64 views

Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...

CVSS 5.3 | AI score 7.7 | EPSS 0.02033
Exploits: 0 | References: 1

Cisco
added 2017/10/23 9:30 p.m. | 64 views

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...

CVSS 5.9 | AI score 7.4 | EPSS 0.0091
Exploits: 0 | References: 1

Cisco
added 2017/10/04 4:0 p.m. | 64 views

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVSS 6.1 | AI score 6.1 | EPSS 0.0122
Exploits: 0 | References: 1

Cisco
added 2016/10/05 4:0 p.m. | 64 views

Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability

A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code. The vulnerability i...

CVSS 10 | AI score 9.9 | EPSS 0.0807
Exploits: 0 | References: 1

Cisco
added 2016/09/28 4:0 p.m. | 64 views

Cisco Firepower Management Center SQL Injection Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device. The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQ...

CVSS 6 | AI score 7.8 | EPSS 0.01282
Exploits: 0 | References: 1

Cisco
added 2024/04/17 4:0 p.m. | 63 views

Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...

CVSS 5.3 | AI score 5.3 | EPSS 0.00511
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000