Cisco, most viewed

5226 matches found

Cisco | added 2024/04/24 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...

CVSS 6 | AI score 6.7 | EPSS 0.00705
Exploits 0 | References 1

Cisco | added 2024/03/27 4:0 p.m. | 49 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending craft...

CVSS 6.5 | AI score 6.5 | EPSS 0.00546
Exploits 0 | References 1

Cisco | added 2023/11/01 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to imprope...

CVSS 8.6 | AI score 8.5 | EPSS 0.0064
Exploits 0 | References 1

Cisco | added 2022/11/16 4:0 p.m. | 49 views

Cisco Identity Services Engine Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to inject arbitrary operating system commands, bypass security protections, and conduct cross-site scripting attacks. For more information about these vulnerabilities, see the Details...

CVSS 6.3 | AI score 6 | EPSS 0.30649
Exploits 0 | References 1

Cisco | added 2022/11/09 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory...

CVSS 7.7 | AI score 6.7 | EPSS 0.00495
Exploits 0 | References 1

Cisco | added 2022/09/28 4:0 p.m. | 49 views

Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot...

CVSS 4.6 | AI score 4.7 | EPSS 0.00262
Exploits 0 | References 1

Cisco | added 2022/08/10 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 4.3 | AI score 6.4 | EPSS 0.01302
Exploits 0 | References 1

Cisco | added 2022/07/06 4:0 p.m. | 49 views

Cisco Unified Communications Manager Arbitrary File Read Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of a...

CVSS 4.3 | AI score 4.6 | EPSS 0.01373
Exploits 0 | References 1

Cisco | added 2022/01/19 4:0 p.m. | 49 views

Multiple Cisco Products CLI Command Injection Vulnerability

A vulnerability in the implementation of the CLI for multiple Cisco products could allow an authenticated, local attacker to perform a command injection attack. This vulnerability is due to insufficient validation of a process argument on an affected product. An attacker could exploit this...

CVSS 8.8 | AI score 9 | EPSS 0.00832
Exploits 0 | References 1

Cisco | added 2021/10/27 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource...

CVSS 8.6 | AI score 7.9 | EPSS 0.01386
Exploits 0 | References 1

Cisco | added 2021/10/27 4:0 p.m. | 49 views

Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error...

CVSS 8.6 | AI score 7.9 | EPSS 0.01346
Exploits 0 | References 1

Cisco | added 2021/09/08 4:0 p.m. | 49 views

Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.1 | AI score 8 | EPSS 0.01581
Exploits 0 | References 1

Cisco | added 2021/02/03 4:0 p.m. | 49 views

Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on...

CVSS 6.7 | AI score 6.7 | EPSS 0.00204
Exploits 0 | References 1

Cisco | added 2021/01/20 4:0 p.m. | 49 views

Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...

CVSS 8.8 | AI score 8.8 | EPSS 0.01284
Exploits 0 | References 1

Cisco | added 2021/01/13 4:0 p.m. | 49 views

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this...

CVSS 5.8 | AI score 7.6 | EPSS 0.01985
Exploits 0 | References 1

Cisco | added 2021/01/13 4:0 p.m. | 49 views

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...

CVSS 5.5 | AI score 5.2 | EPSS 0.00259
Exploits 0 | References 1

Cisco | added 2021/01/13 4:0 p.m. | 49 views

Cisco Firepower Management Center XML Entity Expansion Vulnerability

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit th...

CVSS 4.3 | AI score 4.7 | EPSS 0.01009
Exploits 0 | References 1

Cisco | added 2021/01/13 4:0 p.m. | 49 views

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol messages are...

CVSS 6.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | References 1

Cisco | added 2020/08/05 4:0 p.m. | 49 views

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows...

CVSS 7.8 | AI score 1.3 | EPSS 0.10049
Exploits 5 | References 1

Cisco | added 2020/06/01 4:0 p.m. | 49 views

Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the affected device unexpectedly decapsulating and...

CVSS 8.6 | AI score 1.7 | EPSS 0.26458
Exploits 0 | References 1

Cisco | added 2019/11/20 4:0 p.m. | 49 views

Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...

CVSS 5.4 | AI score 1.4 | EPSS 0.00801
Exploits 0 | References 1

Cisco | added 2019/11/20 4:0 p.m. | 49 views

Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...

CVSS 6.7 | AI score 3.5 | EPSS 0.00518
Exploits 0 | References 1

Cisco | added 2019/10/16 4:0 p.m. | 49 views

Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

CVSS 4.8 | AI score 5 | EPSS 0.00804
Exploits 0 | References 1

Cisco | added 2019/05/01 4:0 p.m. | 49 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,...

CVSS 5.8 | AI score 6.1 | EPSS 0.01977
Exploits 0 | References 1

Cisco | added 2019/03/27 4:0 p.m. | 49 views

Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The...

CVSS 7.4 | AI score 1.7 | EPSS 0.00605
Exploits 0 | References 1

Cisco | added 2019/03/27 4:0 p.m. | 49 views

Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by...

CVSS 6.8 | AI score 3.8 | EPSS 0.02138
Exploits 0 | References 1

Cisco | added 2018/07/18 4:0 p.m. | 49 views

Multiple Vulnerabilities in Cisco Unified Contact Center Express

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface, conduct a cross-site request forgery (CSRF) attack, or...

CVSS 6.3 | AI score 1.5 | EPSS 0.02659
Exploits 0 | References 1

Cisco | added 2018/03/28 4:0 p.m. | 49 views

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the...

CVSS 7.4 | AI score 2.2 | EPSS 0.00737
Exploits 0 | References 1

Cisco | added 2018/03/07 4:0 p.m. | 49 views

Cisco Identity Services Engine Local Command Injection Vulnerability

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user. These commands should have been restricted from this user. The vulnerability...

CVSS 5.3 | AI score 3 | EPSS 0.01036
Exploits 0 | References 1

Cisco | added 2017/11/01 4:0 p.m. | 49 views

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability i...

CVSS 8.8 | AI score 8.9 | EPSS 0.03802
Exploits 0 | References 1

Cisco | added 2017/10/04 4:0 p.m. | 49 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS 6.1 | AI score 6.1 | EPSS 0.00868
Exploits 0 | References 1

Cisco | added 2017/10/04 4:0 p.m. | 49 views

Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due...

CVSS 8.6 | AI score 8.6 | EPSS 0.0158
Exploits 0 | References 1

Cisco | added 2017/05/17 4:0 p.m. | 49 views

Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of...

CVSS 5.8 | AI score 7.5 | EPSS 0.02394
Exploits 0 | References 1

Cisco | added 2017/03/15 4:0 p.m. | 49 views

Cisco StarOS SSH Privilege Escalation Vulnerability

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...

CVSS 8.8 | AI score 9.1 | EPSS 0.03263
Exploits 0 | References 1

Cisco | added 2015/11/25 9:30 p.m. | 49 views

Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device. The vulnerability is due to the lack of unique key and certificate...

CVSS 5 | AI score 6.4 | EPSS 0.01305
Exploits 0 | References 1

Cisco | added 2014/05/20 2:44 p.m. | 49 views

Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability

A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...

CVSS 4.3 | AI score 6.6 | EPSS 0.00958
Exploits 0 | References 1

Cisco | added 2010/03/24 4:0 p.m. | 49 views

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released...

AI score 7.2
Exploits 0 | References 1

Cisco | added 2008/07/08 6:0 p.m. | 49 views

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVSS 6.4 | AI score 6.8
Exploits 0 | References 1

Cisco | added 2024/03/27 4:0 p.m. | 48 views

Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and sho...

CVSS 5.5 | AI score 5.5 | EPSS 0.00146
Exploits 0 | References 1

Cisco | added 2023/12/12 4:0 p.m. | 48 views

Apache Struts Vulnerability Affecting Cisco Products: December 2023

On December 7, 2023, the following vulnerability in Apache Struts was disclosed: CVE-2023-50164: An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. For...

CVSS 9.8 | AI score 9.6 | EPSS 0.80819
Exploits 15 | References 1

Cisco | added 2023/10/04 4:0 p.m. | 48 views

Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

CVSS 8.6 | AI score 8.1 | EPSS 0.00612
Exploits 0 | References 1

Cisco | added 2023/08/16 4:0 p.m. | 48 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...

CVSS 4.8 | AI score 5.3 | EPSS 0.00355
Exploits 0 | References 1

Cisco | added 2023/05/17 4:0 p.m. | 48 views

Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 9.8 | AI score 9.2 | EPSS 0.11101
Exploits 0 | References 1

Cisco | added 2023/04/05 4:0 p.m. | 48 views

Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacke...

CVSS 5.4 | AI score 5.2 | EPSS 0.005
Exploits 0 | References 1

Cisco | added 2023/02/22 4:0 p.m. | 48 views

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input...

CVSS 6 | AI score 6.4 | EPSS 0.00223
Exploits 0 | References 1

Cisco | added 2022/09/28 4:0 p.m. | 48 views

Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition...

CVSS 8.6 | AI score 7.9 | EPSS 0.01014
Exploits 0 | References 1

Cisco | added 2022/08/24 4:0 p.m. | 48 views

Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability

A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could...

CVSS 8.6 | AI score 8.6 | EPSS 0.01022
Exploits 0 | References 1

Cisco | added 2022/04/20 4:0 p.m. | 48 views

Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...

CVSS 5.8 | AI score 6.4 | EPSS 0.00666
Exploits 0 | References 1

Cisco | added 2022/04/20 4:0 p.m. | 48 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient inp...

CVSS 7.5 | AI score 7.6 | EPSS 0.01333
Exploits 0 | References 1

Cisco | added 2022/04/13 4:0 p.m. | 48 views

Cisco IOS XE Software IPSec Denial of Service Vulnerability

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

CVSS 6.8 | AI score 7.7 | EPSS 0.01259
Exploits 0 | References 1

Total number of security vulnerabilities: 5000