Cisco • Most viewed

5226 matches found

Cisco • added 2019/11/20 4:00 p.m. • 53 views

Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows and Cisco Webex Meetings Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have...

CVSS 5.3 • AI score 5.6 • EPSS 0.00377
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed wit...

CVSS 7.2 • AI score 3.9 • EPSS 0.03246
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability ...

CVSS 8.8 • AI score 3.9 • EPSS 0.05979
Exploits: 0 • References: 1

Cisco • added 2019/11/06 4:00 p.m. • 53 views

Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...

CVSS 6.1 • AI score 1.4 • EPSS 0.00801
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 53 views

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based managemen...

CVSS 6.5 • AI score 2.5 • EPSS 0.01565
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 53 views

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVSS 5.4 • AI score 5.3 • EPSS 0.00657
Exploits: 0 • References: 1

Cisco • added 2019/05/01 4:00 p.m. • 53 views

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an...

CVSS 8.6 • AI score 8.5 • EPSS 0.02039
Exploits: 0 • References: 1

Cisco • added 2019/04/17 4:00 p.m. • 53 views

Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

CVSS 5.4 • AI score 1.9 • EPSS 0.00545
Exploits: 0 • References: 1

Cisco • added 2019/03/06 4:00 p.m. • 53 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An...

CVSS 7.3 • AI score 2.2 • EPSS 0.00424
Exploits: 0 • References: 1

Cisco • added 2018/06/06 4:00 p.m. • 53 views

Cisco Unified IP Phone Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...

CVSS 5.3 • AI score 1.4 • EPSS 0.0348
Exploits: 0 • References: 1

Cisco • added 2018/04/18 4:00 p.m. • 53 views

Cisco WebEx Clients Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An...

CVSS 9 • AI score 2.4 • EPSS 0.027
Exploits: 0 • References: 1

Cisco • added 2018/03/28 4:00 p.m. • 53 views

Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An...

CVSS 8.8 • AI score 2.4 • EPSS 0.03319
Exploits: 0 • References: 1

Cisco • added 2017/11/03 4:00 p.m. • 53 views

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table,...

CVSS 6.8 • AI score 0.5 • EPSS 0.05367
Exploits: 0 • References: 1

Cisco • added 2016/09/22 4:00 p.m. • 53 views

Cisco Email Security Appliance Internal Testing Interface Vulnerability

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface intended for use during...

CVSS 10 • AI score 9.5 • EPSS 0.03574
Exploits: 0 • References: 1

Cisco • added 2015/03/09 8:42 p.m. • 53 views

Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability

A vulnerability in Cisco Secure Access Control Server (ACS) may allow an authenticated, remote attacker to render the ACS web interface unreachable and to execute arbitrary code on the server with the privileges of the web server. The vulnerability is due to a default Tomcat administration web...

CVSS 6.5 • AI score 7.3 • EPSS 0.04031
Exploits: 0 • References: 1

Cisco • added 2013/10/23 4:00 p.m. • 53 views

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests...

CVSS 9 • AI score 9.1 • EPSS 0.99998
Exploits: 18 • References: 1

Cisco • added 2013/07/11 5:33 p.m. • 54 views

Apache HTTP Server MERGE Request Denial of Service Vulnerability

A vulnerability in the mod_dav component of the Apache HTTP Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input while handling URI requests. An attacker could exploit the...

CVSS 4.3 • AI score 1.4 • EPSS 0.29484
Exploits: 3 • References: 1

Cisco • added 2002/04/10 4:00 p.m. • 53 views

Solaris /bin/login Vulnerability

...

CVSS 10 • AI score 1.6 • EPSS 0.88836
Exploits: 27 • References: 1 • Affected Software: 6

Cisco • added 2024/04/24 4:00 p.m. • 52 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This...

CVSS 8.6 • AI score 8.5 • EPSS 0.63272
Exploits: 1 • References: 1

Cisco • added 2023/11/01 4:00 p.m. • 52 views

Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handli...

CVSS 8.6 • AI score 8.6 • EPSS 0.00774
Exploits: 0 • References: 1

Cisco • added 2022/10/05 4:00 p.m. • 52 views

Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to execute code, cause the service to reload unexpectedly, or cause Cisco Discovery Protocol or LLDP database corrupti...

CVSS 5.3 • AI score 6.1 • EPSS 0.00935
Exploits: 0 • References: 1

Cisco • added 2022/09/07 4:00 p.m. • 52 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...

CVSS 4 • AI score 0.9 • EPSS 0.00838
Exploits: 0 • References: 1

Cisco • added 2022/04/13 4:00 p.m. • 52 views

Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl...

CVSS 5.1 • AI score 7 • EPSS 0.00272
Exploits: 0 • References: 1

Cisco • added 2022/02/23 4:00 p.m. • 52 views

Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 8.8 • AI score 8.9 • EPSS 0.1455
Exploits: 0 • References: 1

Cisco • added 2022/01/12 4:00 p.m. • 52 views

Cisco Security Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 6.1 • AI score 6.4 • EPSS 0.00759
Exploits: 0 • References: 1

Cisco • added 2021/10/27 4:00 p.m. • 52 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incomin...

CVSS 8.6 • AI score 7.9 • EPSS 0.01482
Exploits: 0 • References: 1

Cisco • added 2021/10/06 4:00 p.m. • 52 views

Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling...

CVSS 6.4 • AI score 6 • EPSS 0.00714
Exploits: 0 • References: 1

Cisco • added 2021/09/22 4:00 p.m. • 52 views

Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handli...

CVSS 7.4 • AI score 7.5 • EPSS 0.00349
Exploits: 0 • References: 1

Cisco • added 2021/09/22 4:00 p.m. • 52 views

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock conditi...

CVSS 8.6 • AI score 8.6 • EPSS 0.00947
Exploits: 0 • References: 1

Cisco • added 2021/09/01 4:00 p.m. • 52 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 4.8 • AI score 5 • EPSS 0.00594
Exploits: 0 • References: 1

Cisco • added 2021/07/07 4:00 p.m. • 52 views

Cisco BroadWorks Application Server Information Disclosure Vulnerability

A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can...

CVSS 4.3 • AI score 1.1 • EPSS 0.00873
Exploits: 0 • References: 1

Cisco • added 2021/07/07 4:00 p.m. • 52 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not...

CVSS 4.8 • AI score 5 • EPSS 0.00594
Exploits: 0 • References: 1

Cisco • added 2021/06/16 4:00 p.m. • 52 views

Cisco DNA Center Certificate Validation Vulnerability

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when...

CVSS 7.4 • AI score 7.6 • EPSS 0.00774
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 52 views

Cisco SD-WAN vManage API Stored Cross-Site Scripting Vulnerability

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied...

CVSS 6.4 • AI score 5.7 • EPSS 0.00635
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 52 views

Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...

CVSS 4.3 • AI score 5.2 • EPSS 0.01156
Exploits: 0 • References: 1

Cisco • added 2021/05/05 4:00 p.m. • 52 views

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...

CVSS 5.3 • AI score 5.2 • EPSS 0.00765
Exploits: 1 • References: 1

Cisco • added 2021/01/20 4:00 p.m. • 52 views

Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the...

CVSS 4.8 • AI score 5 • EPSS 0.00787
Exploits: 0 • References: 1

Cisco • added 2021/01/20 4:00 p.m. • 52 views

Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management...

CVSS 6.5 • AI score 6.5 • EPSS 0.0141
Exploits: 0 • References: 1

Cisco • added 2021/01/20 4:00 p.m. • 52 views

Cisco SD-WAN vManage Software Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVSS 5.3 • AI score 5.9 • EPSS 0.01949
Exploits: 0 • References: 1

Cisco • added 2020/10/21 4:00 p.m. • 52 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 5.3 • AI score 5.9 • EPSS 0.01217
Exploits: 0 • References: 1

Cisco • added 2019/10/16 4:00 p.m. • 52 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6 • AI score 1.7 • EPSS 0.00271
Exploits: 0 • References: 1

Cisco • added 2019/05/15 4:00 p.m. • 52 views

Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)

Multiple vulnerabilities in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of arguments passed to certain CLI commands. An...

CVSS 6.7 • AI score 2.5 • EPSS 0.00543
Exploits: 0 • References: 1

Cisco • added 2019/05/15 4:00 p.m. • 52 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command ...

CVSS 6.7 • AI score 6.5 • EPSS 0.00543
Exploits: 0 • References: 1

Cisco • added 2019/05/01 4:00 p.m. • 52 views

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities,...

CVSS 7.5 • AI score 7.6 • EPSS 0.02236
Exploits: 0 • References: 1

Cisco • added 2019/04/17 4:00 p.m. • 52 views

Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of...

CVSS 5.8 • AI score 6.4 • EPSS 0.0264
Exploits: 0 • References: 1

Cisco • added 2019/04/17 4:00 p.m. • 52 views

Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. A...

CVSS 5.3 • AI score 1.7 • EPSS 0.02516
Exploits: 0 • References: 1

Cisco • added 2019/03/27 4:00 p.m. • 52 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...

CVSS 8.8 • AI score 2.5 • EPSS 0.03469
Exploits: 0 • References: 1

Cisco • added 2019/03/06 4:00 p.m. • 52 views

Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to th...

CVSS 7.8 • AI score 2.3 • EPSS 0.00375
Exploits: 0 • References: 1

Cisco • added 2019/03/06 4:00 p.m. • 52 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 • AI score 2.2 • EPSS 0.00894
Exploits: 1 • References: 1

Cisco • added 2018/03/28 4:00 p.m. • 52 views

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads ...

CVSS 8.6 • AI score 1 • EPSS 0.03893
Exploits: 0 • References: 1

Total number of security vulnerabilities: 5000