Cisco • Most viewed

5226 matches found

Cisco • added 2021/10/27 4:00 p.m. • 63 views

Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource manageme...

CVSS 6.8 • AI score 6.9 • EPSS 0.02367
Exploits: 0 • References: 1
Cisco • added 2021/10/20 4:00 p.m. • 63 views

Cisco Tetration Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate...

CVSS 4.8 • AI score 4.9 • EPSS 0.00575
Exploits: 0 • References: 1
Cisco • added 2021/08/18 4:00 p.m. • 63 views

Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

CVSS 5.4 • AI score 6.1 • EPSS 0.00743
Exploits: 0 • References: 1
Cisco • added 2021/08/04 4:00 p.m. • 63 views

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exis...

CVSS 7.8 • AI score 8.1 • EPSS 0.00247
Exploits: 0 • References: 1
Cisco • added 2021/05/05 4:00 p.m. • 63 views

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...

CVSS 8.8 • AI score 8.1 • EPSS 0.02034
Exploits: 0 • References: 1
Cisco • added 2021/04/07 4:00 p.m. • 63 views

Cisco IOS XR Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation...

CVSS 6.6 • AI score 7 • EPSS 0.00322
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:00 p.m. • 63 views

Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...

CVSS 7.5 • AI score 7.5 • EPSS 0.01601
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:00 p.m. • 63 views

Cisco IOS XE Software Web UI OS Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are...

CVSS 5.5 • AI score 6.5 • EPSS 0.02262
Exploits: 0 • References: 1
Cisco • added 2021/02/03 4:00 p.m. • 63 views

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

CVSS 9.8 • AI score 7.7 • EPSS 0.05421
Exploits: 0 • References: 1
Cisco • added 2020/11/04 4:00 p.m. • 63 views

Cisco SD-WAN Software Packet Filtering Bypass Vulnerability

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...

CVSS 5.8 • AI score 2.7 • EPSS 0.01476
Exploits: 0 • References: 1
Cisco • added 2019/11/06 4:00 p.m. • 63 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...

CVSS 7.8 • AI score 2.1 • EPSS 0.01715
Exploits: 0 • References: 1
Cisco • added 2019/10/16 4:00 p.m. • 63 views

Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management...

CVSS 4.3 • AI score 1.2 • EPSS 0.01221
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:00 p.m. • 63 views

Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...

CVSS 4.9 • AI score 1.4 • EPSS 0.01892
Exploits: 0 • References: 1
Cisco • added 2019/05/01 4:00 p.m. • 63 views

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...

CVSS 7.8 • AI score 2.9 • EPSS 0.00352
Exploits: 0 • References: 1
Cisco • added 2019/03/27 4:00 p.m. • 63 views

Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability

A vulnerability in the 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could...

CVSS 4.7 • AI score 1.1 • EPSS 0.00593
Exploits: 0 • References: 1
Cisco • added 2018/09/26 4:00 p.m. • 63 views

Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could explo...

CVSS 7.5 • AI score 1.3 • EPSS 0.03519
Exploits: 0 • References: 1
Cisco • added 2018/08/01 4:00 p.m. • 63 views

Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is...

CVSS 6.8 • AI score 1.9 • EPSS 0.01482
Exploits: 0 • References: 1
Cisco • added 2018/07/18 4:00 p.m. • 63 views

Cisco Webex Teams Remote Code Execution Vulnerability

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability ...

CVSS 6.3 • AI score 9 • EPSS 0.03106
Exploits: 0 • References: 1
Cisco • added 2018/06/06 4:00 p.m. • 63 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

CVSS 4.8 • AI score 1.1 • EPSS 0.01276
Exploits: 0 • References: 1
Cisco • added 2018/03/28 4:00 p.m. • 63 views

Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive...

CVSS 6.8 • AI score 3.2 • EPSS 0.01053
Exploits: 0 • References: 1
Cisco • added 2016/09/28 4:00 p.m. • 63 views

Cisco Firepower Management Center SQL Injection Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device. The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQ...

CVSS 6 • AI score 7.8 • EPSS 0.01282
Exploits: 0 • References: 1
Cisco • added 2016/02/18 8:22 p.m. • 63 views

Vulnerability in GNU glibc Affecting Cisco Products: February 2016

On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer...

CVSS 8.1 • AI score 7.8 • EPSS 0.89557
Exploits: 17 • References: 1
Cisco • added 2007/03/20 4:35 p.m. • 63 views

Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability

Cisco 7940 and 7960 IP phones with firmware version 7.4 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists due to an error within the handling of malformed SIP INVITE messages. An attacker could exploit...

CVSS 5 • AI score 6.6 • EPSS 0.09184
Exploits: 0 • References: 1
Cisco • added 2021/10/27 4:00 p.m. • 62 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized...

CVSS 4.7 • AI score 5.3 • EPSS 0.011
Exploits: 0 • References: 1
Cisco • added 2021/10/20 4:00 p.m. • 62 views

Cisco Webex Software Application Authorization Bypass Vulnerability

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...

CVSS 4.3 • AI score 5.8 • EPSS 0.00438
Exploits: 0 • References: 1
Cisco • added 2021/08/25 4:00 p.m. • 62 views

Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability

A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected devi...

CVSS 8.6 • AI score 8.5 • EPSS 0.01516
Exploits: 0 • References: 1
Cisco • added 2021/06/02 4:00 p.m. • 62 views

Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability b...

CVSS 4.7 • AI score 5.5 • EPSS 0.00783
Exploits: 0 • References: 1
Cisco • added 2021/05/05 4:00 p.m. • 62 views

Cisco Content Security Management Appliance Privilege Escalation Vulnerability

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...

CVSS 6.7 • AI score 7 • EPSS 0.00275
Exploits: 0 • References: 1
Cisco • added 2021/05/05 4:00 p.m. • 62 views

Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...

CVSS 4.4 • AI score 3.4 • EPSS 0.00325
Exploits: 0 • References: 1
Cisco • added 2021/04/21 4:00 p.m. • 62 views

Cisco SD-WAN vManage XML External Entity Vulnerability

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected...

CVSS 6.4 • AI score 6.4 • EPSS 0.00859
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:00 p.m. • 62 views

Cisco Access Point Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...

CVSS 6.7 • AI score 6.6 • EPSS 0.00265
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:00 p.m. • 62 views

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected...

CVSS 8.6 • AI score 7.9 • EPSS 0.01494
Exploits: 0 • References: 1
Cisco • added 2021/03/24 4:00 p.m. • 62 views

Cisco IOS XE Software Web UI Denial of Service Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due...

CVSS 4.3 • AI score 5.2
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:00 p.m. • 62 views

Cisco SD-WAN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software...

CVSS 8.6 • AI score 8.2 • EPSS 0.01894
Exploits: 0 • References: 1
Cisco • added 2021/01/20 4:00 p.m. • 62 views

Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

CVSS 8.8 • AI score 6.8 • EPSS 0.0196
Exploits: 0 • References: 1
Cisco • added 2020/06/03 4:00 p.m. • 62 views

Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity...

CVSS 8.6 • AI score 1.9 • EPSS 0.01555
Exploits: 0 • References: 1
Cisco • added 2019/10/16 4:00 p.m. • 62 views

Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker cou...

CVSS 8 • AI score 3.6
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:00 p.m. • 62 views

Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

CVSS 4.8 • AI score 1.3 • EPSS 0.00804
Exploits: 0 • References: 1
Cisco • added 2019/08/07 4:00 p.m. • 62 views

Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS)...

CVSS 5.3 • AI score 1 • EPSS 0.01967
Exploits: 0 • References: 1
Cisco • added 2019/05/15 4:00 p.m. • 63 views

Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The...

CVSS 6.7 • AI score 2.4 • EPSS 0.00263
Exploits: 0 • References: 1
Cisco • added 2019/05/07 4:00 p.m. • 62 views

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted...

CVSS 10 • AI score 2.2 • EPSS 0.30342
Exploits: 0 • References: 1
Cisco • added 2019/03/27 4:00 p.m. • 62 views

Cisco IOS XE Software Arbitrary File Upload Vulnerability

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a...

CVSS 8.8 • AI score 2.4 • EPSS 0.02208
Exploits: 0 • References: 1
Cisco • added 2019/03/06 4:00 p.m. • 62 views

Cisco NX-OS Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signature...

CVSS 6.7 • AI score 6.4 • EPSS 0.00244
Exploits: 0 • References: 1
Cisco • added 2019/01/09 4:00 p.m. • 62 views

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...

CVSS 6.1 • AI score 1.2 • EPSS 0.01211
Exploits: 0 • References: 1
Cisco • added 2018/09/05 4:00 p.m. • 62 views

Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who ...

CVSS 6.5 • AI score 1.5 • EPSS 0.01789
Exploits: 0 • References: 1
Cisco • added 2018/06/20 4:00 p.m. • 62 views

Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...

CVSS 8.8 • AI score 2.7 • EPSS 0.0483
Exploits: 0 • References: 1
Cisco • added 2018/06/06 4:00 p.m. • 62 views

Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...

CVSS 5.3 • AI score 2.2 • EPSS 0.02415
Exploits: 0 • References: 1
Cisco • added 2018/02/21 4:00 p.m. • 62 views

Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability

A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

CVSS 4.7 • AI score 1.3 • EPSS 0.01244
Exploits: 0 • References: 1
Cisco • added 2015/04/08 4:41 p.m. • 62 views

Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability

A vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper processing of Network Time Protocol (NTP) packets when handling symmetric key authentication failures. An attacker could...

CVSS 4.3 • AI score 6.2 • EPSS 0.00902
Exploits: 0 • References: 1
Cisco • added 2015/03/25 4:00 p.m. • 62 views

Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability

A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing ...

CVSS 7.8 • AI score 6.5 • EPSS 0.03807
Exploits: 0 • References: 1
Total number of security vulnerabilities: 5000