Cisco | Most viewed

5226 matches found

Cisco
added 2019/05/01 4:0 p.m. | 60 views

Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. ...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 1
Cisco
added 2019/03/27 4:0 p.m. | 60 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...

CVSS: 7.2 | AI score: 2 | EPSS: 0.03767
Exploits: 0 | References: 1
Cisco
added 2019/03/27 4:0 p.m. | 60 views

Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

CVSS: 8.6 | AI score: 1.5 | EPSS: 0.02764
Exploits: 0 | References: 1
Cisco
added 2019/03/06 4:0 p.m. | 60 views

Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...

CVSS: 8.6 | AI score: 1.6
Exploits: 0 | References: 1
Cisco
added 2018/09/26 4:0 p.m. | 60 views

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling...

CVSS: 7.4 | AI score: 1.7 | EPSS: 0.00856
Exploits: 0 | References: 1
Cisco
added 2018/09/05 4:0 p.m. | 60 views

Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

CVSS: 5.9 | AI score: 1.8 | EPSS: 0.01487
Exploits: 0 | References: 1
Cisco
added 2018/02/21 4:0 p.m. | 60 views

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

CVSS: 7.3 | AI score: 9.8 | EPSS: 0.01928
Exploits: 0 | References: 1
Cisco
added 2017/11/01 4:0 p.m. | 60 views

Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00608
Exploits: 0 | References: 1
Cisco
added 2017/10/04 4:0 p.m. | 60 views

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to...

CVSS: 5.3 | AI score: 7.6 | EPSS: 0.02297
Exploits: 0 | References: 1
Cisco
added 2017/02/08 4:0 p.m. | 60 views

Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...

CVSS: 8.4 | AI score: 7.6 | EPSS: 0.01711
Exploits: 5 | References: 1
Cisco
added 2024/05/15 4:0 p.m. | 59 views

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00342
Exploits: 0 | References: 1
Cisco
added 2024/04/24 4:0 p.m. | 59 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...

CVSS: 6 | AI score: 6.6 | EPSS: 0.16995
Exploits: 1 | References: 1
Cisco
added 2021/08/25 4:0 p.m. | 59 views

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is d...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01971
Exploits: 0 | References: 1
Cisco
added 2021/06/02 4:0 p.m. | 59 views

Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery Protocol and Link Layer Discovery Protocol Memory Leak Vulnerabilities

Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition...

CVSS: 6.5 | AI score: 6.7
Exploits: 0 | References: 1
Cisco
added 2021/06/02 4:0 p.m. | 59 views

Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.01093
Exploits: 0 | References: 1
Cisco
added 2021/05/19 4:0 p.m. | 59 views

Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI...

CVSS: 6 | AI score: 6.7 | EPSS: 0.00325
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 59 views

Cisco Wide Area Application Services Software Information Disclosure Vulnerability

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00242
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 59 views

Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handlin...

CVSS: 5.4 | AI score: 1.1 | EPSS: 0.01115
Exploits: 0 | References: 1
Cisco
added 2021/04/07 4:0 p.m. | 59 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...

CVSS: 4.9 | AI score: 4.8 | EPSS: 0.01081
Exploits: 0 | References: 1
Cisco
added 2021/02/24 4:0 p.m. | 59 views

Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.01574
Exploits: 0 | References: 1
Cisco
added 2021/01/20 4:0 p.m. | 59 views

Cisco Smart Software Manager Satellite Open Redirect Vulnerability

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an...

CVSS: 4.6 | AI score: 0.9 | EPSS: 0.00564
Exploits: 0 | References: 1
Cisco
added 2020/11/18 4:0 p.m. | 59 views

Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a...

CVSS: 6.5 | AI score: 1.3 | EPSS: 0.01734
Exploits: 0 | References: 1
Cisco
added 2020/03/04 4:0 p.m. | 59 views

Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...

CVSS: 7.1 | AI score: 2.5 | EPSS: 0.005
Exploits: 0 | References: 1
Cisco
added 2019/11/06 4:0 p.m. | 59 views

Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.00801
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 59 views

Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

CVSS: 8.1 | AI score: 2.4 | EPSS: 0.00645
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 59 views

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00804
Exploits: 0 | References: 1
Cisco
added 2019/01/09 4:0 p.m. | 59 views

Cisco Webex Business Suite Cross-Site Scripting Vulnerability

A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convinci...

CVSS: 6.1 | AI score: 0.6 | EPSS: 0.01211
Exploits: 0 | References: 1
Cisco
added 2018/06/06 4:0 p.m. | 59 views

Cisco WebEx Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01783
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 59 views

Cisco IOS XE Software CLI Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...

CVSS: 5.3 | AI score: 3.2
Exploits: 0 | References: 1
Cisco
added 2016/05/13 4:30 p.m. | 59 views

Cisco Industrial Ethernet 4000 and Ethernet 5000 Series Switches ICMP IPv4 Packet Corruption Vulnerability

A vulnerability in the packet processing microcode of Cisco Industrial Ethernet 4000 Series Switches and Cisco Industrial Ethernet 5000 Series Switches could allow an unauthenticated, remote attacker to corrupt packets enqueued on the device for further processing. The vulnerability is due to...

CVSS: 5 | AI score: 7.7 | EPSS: 0.02471
Exploits: 0 | References: 1
Cisco
added 2009/09/08 12:0 a.m. | 59 views

TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVSS: 7.8 | AI score: 9.3 | EPSS: 0.32123
Exploits: 1 | References: 1
Cisco
added 2023/08/23 4:0 p.m. | 58 views

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00439
Exploits: 0 | References: 1
Cisco
added 2021/09/22 4:0 p.m. | 58 views

Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit...

CVSS: 9.8 | AI score: 10 | EPSS: 0.02546
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 58 views

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00666
Exploits: 0 | References: 1
Cisco
added 2021/04/21 4:0 p.m. | 58 views

Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00818
Exploits: 0 | References: 1
Cisco
added 2021/03/24 4:0 p.m. | 58 views

Cisco IOS XE Software Local Privilege Escalation Vulnerability

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...

CVSS: 5.1 | AI score: 6.3 | EPSS: 0.00328
Exploits: 0 | References: 1
Cisco
added 2021/03/24 4:0 p.m. | 58 views

Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...

CVSS: 5.1 | AI score: 5.6 | EPSS: 0.00275
Exploits: 0 | References: 1
Cisco
added 2021/02/24 4:0 p.m. | 58 views

Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that a...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.01369
Exploits: 0 | References: 1
Cisco
added 2021/02/24 4:0 p.m. | 58 views

Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00223
Exploits: 0 | References: 1
Cisco
added 2021/02/03 4:0 p.m. | 58 views

Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper...

CVSS: 7.2 | AI score: 2.5
Exploits: 0 | References: 1
Cisco
added 2020/09/02 4:0 p.m. | 58 views

Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...

CVSS: 5.7 | AI score: 6 | EPSS: 0.01267
Exploits: 0 | References: 1
Cisco
added 2020/06/17 4:0 p.m. | 59 views

Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00914
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 58 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

CVSS: 4.4 | AI score: 1.5 | EPSS: 0.00256
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 58 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVSS: 5.4 | AI score: 1.7 | EPSS: 0.00633
Exploits: 0 | References: 1
Cisco
added 2019/08/28 4:0 p.m. | 58 views

Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The...

CVSS: 5.8 | AI score: 1.5 | EPSS: 0.01365
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 58 views

Cisco SD-WAN Solution Packet Filtering Bypass Vulnerability

A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...

CVSS: 5.8 | AI score: 2.2 | EPSS: 0.01455
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 58 views

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.00525
Exploits: 0 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 58 views

Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00894
Exploits: 0 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 58 views

Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injectio...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.00357
Exploits: 0 | References: 1
Cisco
added 2019/04/17 4:0 p.m. | 58 views

Cisco Umbrella Cross-Site Scripting Vulnerability

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An...

CVSS: 6.1 | AI score: 2.1 | EPSS: 0.01211
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5000