Cisco • Most viewed

5226 matches found

Cisco • added 2023/09/06 4:00 p.m. • 54 views

Cisco Identity Services Engine RADIUS Denial of Service Vulnerability

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An...

8.6 CVSS • 8.2 AI score • 0.00758 EPSS
Exploits: 0 • References: 1

Cisco • added 2023/04/19 4:00 p.m. • 54 views

Cisco Modeling Labs External Authentication Bypass Vulnerability

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...

9.1 CVSS • 9.4 AI score • 0.00895 EPSS
Exploits: 0 • References: 1

Cisco • added 2023/04/19 4:00 p.m. • 54 views

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS could allow an attacker to elevate privileges, overwrite arbitrary files, or view sensitive data on an affected device. For more information about these vulnerabilities, see the Details section of...

6.7 CVSS • 5.1 AI score • 0.00264 EPSS
Exploits: 0 • References: 1

Cisco • added 2023/04/19 4:00 p.m. • 54 views

Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this...

8.8 CVSS • 8.8 AI score • 0.00861 EPSS
Exploits: 0 • References: 1

Cisco • added 2022/11/02 4:00 p.m. • 54 views

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an...

7.5 CVSS • 7.6 AI score • 0.00778 EPSS
Exploits: 0 • References: 1

Cisco • added 2022/07/06 4:00 p.m. • 54 views

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could...

6.1 CVSS • 6 AI score • 0.00656 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/09/22 4:00 p.m. • 54 views

Cisco Access Points SSH Management Privilege Escalation Vulnerability

A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH...

7.8 CVSS • 7.8 AI score • 0.0021 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 54 views

Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...

4.4 CVSS • 2.8 AI score • 0.00229 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 54 views

Cisco SD-WAN vManage Software Authentication Bypass Vulnerability

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...

8.8 CVSS • 9 AI score • 0.00441 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 54 views

Cisco SD-WAN Software vDaemon Denial of Service Vulnerability

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...

7.5 CVSS • 7.5 AI score • 0.01519 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/04/28 4:00 p.m. • 54 views

Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE)...

5.4 CVSS • 5.7 AI score • 0.0098 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/02/24 4:00 p.m. • 54 views

Cisco Application Services Engine Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...

9.8 CVSS • 8.4 AI score • 0.0225 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/02/24 4:00 p.m. • 54 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

7.4 CVSS • 0.8 AI score • 0.00373 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/02/17 4:00 p.m. • 54 views

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...

6.5 CVSS • 5.7 AI score • 0.00971 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/02/03 4:00 p.m. • 54 views

Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker...

4.3 CVSS • 1.9 AI score • 0.00416 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/01/20 4:00 p.m. • 54 views

Cisco Umbrella Dashboard Packet Flood Vulnerability

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted...

5.3 CVSS • 1 AI score • 0.01281 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/01/20 4:00 p.m. • 54 views

Cisco Unified Communications Products Vulnerabilities

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...

6.5 CVSS • 6.3 AI score • 0.01352 EPSS
Exploits: 0 • References: 1

Cisco • added 2020/10/21 4:00 p.m. • 54 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...

8.6 CVSS • 7.7 AI score • 0.02633 EPSS
Exploits: 0 • References: 1

Cisco • added 2020/01/08 4:00 p.m. • 54 views

Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attack...

8.8 CVSS • 2.6 AI score • 0.00975 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/11/20 4:00 p.m. • 54 views

Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain...

5.3 CVSS • 0.6 AI score • 0.01581 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 54 views

Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless client...

7.4 CVSS • 0.8 AI score • 0.00318 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/05/01 4:00 p.m. • 54 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management o...

7.7 CVSS • 6.8 AI score • 0.02067 EPSS
Exploits: 0 • References: 1

Cisco • added 2018/04/18 4:00 p.m. • 54 views

Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...

5.9 CVSS • 5.8 AI score • 0.01337 EPSS
Exploits: 0 • References: 1

Cisco • added 2018/02/21 4:00 p.m. • 54 views

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could...

5.4 CVSS • 1.1 AI score • 0.02074 EPSS
Exploits: 0 • References: 1

Cisco • added 2018/01/17 4:00 p.m. • 54 views

Cisco Unified Customer Voice Portal Denial of Service Vulnerability

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during...

8.6 CVSS • 8.5 AI score • 0.02297 EPSS
Exploits: 0 • References: 1

Cisco • added 2017/10/18 4:00 p.m. • 54 views

Cisco Webex Messenger Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Webex Messenger could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation...

5.5 CVSS • 5.3 AI score • 0.00357 EPSS
Exploits: 0 • References: 1

Cisco • added 2017/03/15 4:00 p.m. • 54 views

Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. The vulnerability occu...

5.8 CVSS • 5.4 AI score • 0.0143 EPSS
Exploits: 0 • References: 1

Cisco • added 2013/02/13 4:57 p.m. • 54 views

Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability

Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...

4.3 CVSS • 1.7 AI score • 0.00636 EPSS
Exploits: 0 • References: 1

Cisco • added 2008/09/03 4:00 p.m. • 54 views

Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.8 CVSS • 5.9 AI score • 0.03419 EPSS
Exploits: 1 • References: 1

Cisco • added 2023/09/27 4:00 p.m. • 53 views

Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource...

8.6 CVSS • 8.6 AI score • 0.00653 EPSS
Exploits: 0 • References: 1

Cisco • added 2023/01/11 4:00 p.m. • 53 views

Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service Vulnerability

A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due...

8.6 CVSS • 8.5 AI score • 0.00861 EPSS
Exploits: 0 • References: 1

Cisco • added 2023/01/11 4:00 p.m. • 53 views

Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...

6.1 CVSS • 6 AI score • 0.00493 EPSS
Exploits: 0 • References: 1

Cisco • added 2022/04/13 4:00 p.m. • 53 views

Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is du...

6.8 CVSS • 6.6 AI score • 0.01129 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/10/27 4:00 p.m. • 53 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper...

5.3 CVSS • 5.4 AI score • 0.01003 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/10/27 4:00 p.m. • 53 views

Multiple Cisco Products Snort Rule Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actio...

8.6 CVSS • 7.7 AI score • 0.01346 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/10/06 4:00 p.m. • 53 views

Cisco Orbital Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this...

4.7 CVSS • 1.9 AI score • 0.00939 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/10/06 4:00 p.m. • 53 views

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

7.5 CVSS • 8.2 AI score • 0.01398 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/09/08 4:00 p.m. • 53 views

Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in ...

8.6 CVSS • 8.5 AI score • 0.01249 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/09/01 4:00 p.m. • 53 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...

5.5 CVSS • 5.5 AI score • 0.00225 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/06/16 4:00 p.m. • 53 views

Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section...

6.5 CVSS • 7 AI score • 0.00796 EPSS
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 53 views

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol...

6.5 CVSS • 6.4 AI score • 0.00404 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/11/20 4:00 p.m. • 53 views

Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows and Cisco Webex Meetings Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have...

5.3 CVSS • 5.6 AI score • 0.00377 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed wit...

7.2 CVSS • 3.9 AI score • 0.03246 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability ...

8.8 CVSS • 3.9 AI score • 0.05979 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...

6.1 CVSS • 1.4 AI score • 0.00801 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 53 views

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based managemen...

6.5 CVSS • 2.5 AI score • 0.01565 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 53 views

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

5.4 CVSS • 5.3 AI score • 0.00657 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/05/01 4:00 p.m. • 53 views

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an...

8.6 CVSS • 8.5 AI score • 0.02039 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/04/17 4:00 p.m. • 53 views

Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

5.4 CVSS • 1.9 AI score • 0.00545 EPSS
Exploits: 0 • References: 1

Cisco • added 2019/03/06 4:00 p.m. • 53 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An...

7.3 CVSS • 2.2 AI score • 0.00424 EPSS
Exploits: 0 • References: 1

Total number of security vulnerabilities: 5000