Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
added 2018/02/07 4:0 p.m.52 views

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell...

4.4CVSS1.8AI score0.00413EPSS
Exploits0References1
Cisco
Cisco
added 2018/01/17 4:0 p.m.52 views

Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability

A vulnerability in the administrative shell of the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a...

7.8CVSS3AI score0.00399EPSS
Exploits0References1
Cisco
Cisco
added 2018/01/03 4:0 p.m.52 views

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious A...

4.7CVSS9.6AI score0.03774EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.52 views

Multiple Vulnerabilities in Cisco Data Center Network Manager Software

Multiple vulnerabilities in Cisco Data Center Network Manager DCNM Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting...

6.1CVSS5.7AI score0.01594EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.52 views

Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service DoS condition. The vulnerability is due to a memory leak that occurs on...

7.7CVSS6.7AI score0.01607EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/27 4:0 p.m.52 views

Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an...

7.6CVSS6.7AI score0.00434EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/02 4:0 p.m.52 views

Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between...

5.3CVSS7.4AI score0.02234EPSS
Exploits0References1
Cisco
Cisco
added 2017/06/07 4:0 p.m.52 views

Cisco AnyConnect Local Privilege Escalation Vulnerability

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input...

7.8CVSS7.7AI score0.00371EPSS
Exploits0References1
Cisco
Cisco
added 2017/02/08 4:0 p.m.52 views

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...

8.8CVSS8.7AI score0.1476EPSS
Exploits1References1
Cisco
Cisco
added 2016/11/16 4:0 p.m.52 views

Cisco Firepower System Software FTP Malware Vulnerability

A vulnerability in the FTP Representational State Transfer Application Programming Interface REST API for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. The vulnerability is due to ...

5CVSS7.6AI score0.01553EPSS
Exploits0References1
Cisco
Cisco
added 2016/04/13 9:35 p.m.52 views

Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability

Cisco Catalyst Switches running Cisco IOS Software releases prior to 15.22E1 may allow an unauthenticated, remote attacker to retrieve version information about the software release running on the device by accessing the Network Mobility Services Protocol NMSP port. The vulnerability is due to a...

5CVSS5.2AI score0.01459EPSS
Exploits0References1
Cisco
Cisco
added 2015/08/27 11:46 p.m.52 views

Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability

A vulnerability in the Cisco Identity Services Engine ISE guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability by...

4.3CVSS6.4AI score0.01591EPSS
Exploits0References1
Cisco
Cisco
added 2013/04/15 4:0 p.m.53 views

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE...

7.8CVSS6.6AI score
Exploits0References1
Cisco
Cisco
added 2007/04/12 4:0 p.m.52 views

Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

5.9AI score
Exploits0References1
Cisco
Cisco
added 2023/11/01 4:0 p.m.51 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access control list ACL and allow traffic that should be denied to flo...

5.8CVSS5.6AI score
Exploits0References1
Cisco
Cisco
added 2023/09/27 4:0 p.m.51 views

Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability

A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS7.2AI score0.02344EPSS
Exploits0References1
Cisco
Cisco
added 2023/02/15 4:0 p.m.51 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to...

6.1CVSS6AI score0.00737EPSS
Exploits0References1
Cisco
Cisco
added 2022/04/20 4:0 p.m.51 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient inp...

7.5CVSS7.6AI score0.01333EPSS
Exploits0References1
Cisco
Cisco
added 2021/10/06 4:0 p.m.51 views

Cisco IP Phone Software Arbitrary File Read Vulnerability

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug she...

5.5CVSS5.2AI score0.00258EPSS
Exploits0References1
Cisco
Cisco
added 2021/09/22 4:0 p.m.51 views

Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability

A vulnerability in Ethernet over GRE EoGRE packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to...

8.6CVSS8.6AI score0.01285EPSS
Exploits0References1
Cisco
Cisco
added 2021/06/02 4:0 p.m.51 views

Cisco Webex Player Memory Corruption Vulnerability

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex...

5.3CVSS0.9AI score0.00576EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/20 4:0 p.m.51 views

Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance ESA, Cisco Content Security Management Appliance SMA, and Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to access general system information and...

5.3CVSS5.2AI score0.01142EPSS
Exploits0References1
Cisco
Cisco
added 2021/01/13 4:0 p.m.51 views

Cisco Unified Communications Products Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager...

4.3CVSS5.3AI score0.00908EPSS
Exploits0References1
Cisco
Cisco
added 2020/11/18 4:0 p.m.51 views

Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

6.3CVSS7.5AI score0.01565EPSS
Exploits0References1
Cisco
Cisco
added 2020/11/04 4:0 p.m.51 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored i...

7.8CVSS2AI score0.02432EPSS
Exploits0References1
Cisco
Cisco
added 2020/05/20 4:0 p.m.51 views

Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...

6.7CVSS1.3AI score0.00944EPSS
Exploits0References1
Cisco
Cisco
added 2020/05/06 4:0 p.m.51 views

Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability

A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center KDC and bypass authentication on an affected device that is configured to perform Kerberos...

8.1CVSS8.4AI score0.02358EPSS
Exploits0References1
Cisco
Cisco
added 2020/05/06 4:0 p.m.51 views

Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

5.3CVSS5.3AI score0.00968EPSS
Exploits0References1
Cisco
Cisco
added 2019/11/06 4:0 p.m.51 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabilities

Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerabilities are due to insufficient input validation. A...

7.5CVSS2.9AI score0.01374EPSS
Exploits0References1
Cisco
Cisco
added 2019/08/28 4:0 p.m.51 views

Cisco NX-OS Software IPv6 Denial of Service Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An...

8.6CVSS2AI score0.01929EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.51 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

6.7CVSS6.5AI score0.00543EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.51 views

Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

Multiple vulnerabilities in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerabilities exist because software digital signatures...

6.7CVSS2.1AI score
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.51 views

Cisco NX-OS Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root...

6.7CVSS6.1AI score0.00227EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/01 4:0 p.m.51 views

Cisco Expressway Series Directory Traversal Vulnerability

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit th...

4.1CVSS2.4AI score0.03818EPSS
Exploits2References1
Cisco
Cisco
added 2019/03/27 4:0 p.m.51 views

Cisco IOS Software NAT64 Denial of Service Vulnerability

A vulnerability in the Network Address Translation 64 NAT64 functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent...

8.6CVSS2AI score0.02516EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/11 4:0 p.m.51 views

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input...

8.8CVSS1.4AI score0.05872EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.51 views

Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. For more information about this vulnerability per Cisco product, see the Details...

9.8CVSS9.5AI score0.49867EPSS
Exploits0References1
Cisco
Cisco
added 2018/02/21 4:0 p.m.51 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerability is due to...

6.1CVSS1.3AI score0.00885EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.51 views

Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability

A vulnerability in the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...

5.3CVSS5.2AI score0.01656EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.51 views

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device. The vulnerability is due to imprope...

6.7CVSS7.4AI score0.77071EPSS
Exploits3References1
Cisco
Cisco
added 2017/10/18 4:0 p.m.51 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
Cisco
Cisco
added 2017/02/01 4:0 p.m.51 views

Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol SNMP functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a...

6.5CVSS6.4AI score0.02804EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/03 4:0 p.m.51 views

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or modify the time being advertised ...

7.2AI score
Exploits0References1
Cisco
Cisco
added 2014/10/08 4:0 p.m.51 views

Multiple Vulnerabilities in Cisco ASA Software

2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4...

9CVSS7.4AI score0.01333EPSS
Exploits0References1
Cisco
Cisco
added 2012/03/28 4:0 p.m.51 views

Cisco IOS Internet Key Exchange Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.8CVSS7.5AI score0.03849EPSS
Exploits0References1
Cisco
Cisco
added 2010/09/22 4:0 p.m.51 views

Cisco IOS SSL VPN Vulnerability

Cisco IOS® Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect. Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device...

7.8CVSS6.6AI score0.01763EPSS
Exploits0References1
Cisco
Cisco
added 2010/04/21 4:0 p.m.51 views

Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

9CVSS6.2AI score0.03025EPSS
Exploits0References1
Cisco
Cisco
added 2008/01/30 4:0 p.m.51 views

Cisco Wireless Control System Tomcat mod_jk.so Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.5CVSS7.3AI score0.81513EPSS
Exploits8References1
Cisco
Cisco
added 2004/01/13 12:0 p.m.51 views

Vulnerabilities in H.323 Message Processing

...

10CVSS2.6AI score0.40866EPSS
Exploits0References1Affected Software9
Cisco
Cisco
added 2023/11/01 4:0 p.m.50 views

Cisco Firepower Management Center Software Command Injection Vulnerability

A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...

9.9CVSS9.4AI score0.15821EPSS
Exploits4References1
Total number of security vulnerabilities5000