Cisco: Most viewed

5226 matches found

Cisco
added 2020/09/24 4:00 p.m., 40 views

Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient...

CVSS: 7.4, AI score: 7.4, EPSS: 0.00533
Exploits: 0, References: 1
Cisco
added 2020/06/17 4:00 p.m., 40 views

Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions...

CVSS: 5.5, AI score: 0.3, EPSS: 0.00351
Exploits: 0, References: 1
Cisco
added 2020/05/06 4:00 p.m., 40 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a...

CVSS: 8.6, AI score: 8.5, EPSS: 0.02128
Exploits: 0, References: 1
Cisco
added 2019/05/15 4:00 p.m., 40 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to...

CVSS: 6.5, AI score: 1, EPSS: 0.13856
Exploits: 1, References: 1
Cisco
added 2019/05/15 4:00 p.m., 40 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to...

CVSS: 6.7, AI score: 2.4, EPSS: 0.00543
Exploits: 0, References: 1
Cisco
added 2019/05/15 4:00 p.m., 40 views

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments...

CVSS: 4.2, AI score: 3, EPSS: 0.00543
Exploits: 0, References: 1
Cisco
added 2019/05/01 4:00 p.m., 40 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability

A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00706
Exploits: 0, References: 1
Cisco
added 2018/10/03 4:00 p.m., 40 views

Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An...

CVSS: 9.8, AI score: 0.8, EPSS: 0.03441
Exploits: 0, References: 1
Cisco
added 2018/09/05 4:00 p.m., 40 views

Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability

A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP...

CVSS: 7.2, AI score: 1.2, EPSS: 0.02253
Exploits: 0, References: 1
Cisco
added 2018/08/15 4:00 p.m., 40 views

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

CVSS: 5.4, AI score: 1.9, EPSS: 0.0091
Exploits: 0, References: 1
Cisco
added 2018/07/18 4:00 p.m., 40 views

Cisco Policy Suite Read-Only User Effect Change Vulnerability

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing th...

CVSS: 6.5, AI score: 1.3, EPSS: 0.00937
Exploits: 0, References: 1
Cisco
added 2018/06/20 4:00 p.m., 40 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric...

CVSS: 9.8, AI score: 3, EPSS: 0.05958
Exploits: 0, References: 1
Cisco
added 2018/06/06 4:00 p.m., 40 views

Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition...

CVSS: 9.8, AI score: 2.9, EPSS: 0.08074
Exploits: 0, References: 1
Cisco
added 2017/11/29 4:00 p.m., 40 views

Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...

CVSS: 6.3, AI score: 6.9, EPSS: 0.01103
Exploits: 0, References: 1
Cisco
added 2017/11/29 4:00 p.m., 40 views

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01674
Exploits: 0, References: 1
Cisco
added 2017/11/15 4:00 p.m., 40 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL...

CVSS: 4.3, AI score: 5, EPSS: 0.0113
Exploits: 0, References: 1
Cisco
added 2017/11/01 4:00 p.m., 40 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00891
Exploits: 0, References: 1
Cisco
added 2017/11/01 4:00 p.m., 40 views

Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS)...

CVSS: 6.8, AI score: 7.6, EPSS: 0.02585
Exploits: 0, References: 1
Cisco
added 2017/09/06 4:00 p.m., 40 views

Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic...

CVSS: 4.7, AI score: 4.8, EPSS: 0.00785
Exploits: 0, References: 1
Cisco
added 2017/08/02 4:00 p.m., 40 views

Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS: 6.1, AI score: 6.1, EPSS: 0.01217
Exploits: 0, References: 1
Cisco
added 2017/07/05 4:00 p.m., 40 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0128
Exploits: 0, References: 1
Cisco
added 2016/11/02 4:00 p.m., 40 views

Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks o...

CVSS: 10, AI score: 9.7, EPSS: 0.04899
Exploits: 0, References: 1
Cisco
added 2016/10/12 4:00 p.m., 40 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. The vulnerability is...

CVSS: 6.5, AI score: 8.6, EPSS: 0.02975
Exploits: 0, References: 1
Cisco
added 2016/09/08 4:30 p.m., 40 views

Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability

A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is...

CVSS: 7.8, AI score: 7.6, EPSS: 0.01939
Exploits: 0, References: 1
Cisco
added 2016/07/14 8:00 a.m., 40 views

Cisco IOS XR Software Command Injection Vulnerability

A vulnerability in the command-line utility of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS: 6.8, AI score: 7.9, EPSS: 0.00331
Exploits: 0, References: 1
Cisco
added 2016/06/01 4:00 p.m., 40 views

Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly...

CVSS: 7.5, AI score: 9.9, EPSS: 0.01663
Exploits: 0, References: 1
Cisco
added 2016/04/12 7:00 a.m., 40 views

Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability

A vulnerability in packet processing functions of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause cyclic redundancy check (CRC) and symbol errors on the receiving interface of an affected device, which may...

CVSS: 4.3, AI score: 5.3, EPSS: 0.01739
Exploits: 0, References: 1
Cisco
added 2016/03/23 9:31 p.m., 40 views

Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition. The vulnerability is due to improper setting of permissions on the filesystem f...

CVSS: 6.8, AI score: 6.5, EPSS: 0.0138
Exploits: 0, References: 1
Cisco
added 2016/03/23 4:00 p.m., 41 views

Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this...

CVSS: 7.1, AI score: 7.7, EPSS: 0.01948
Exploits: 0, References: 1
Cisco
added 2015/10/21 4:00 p.m., 40 views

Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key...

CVSS: 7.8, AI score: 6.6, EPSS: 0.02175
Exploits: 0, References: 1
Cisco
added 2015/10/06 12:00 a.m., 40 views

Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability

A vulnerability in the process management code of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker...

CVSS: 6.6, AI score: 6.8, EPSS: 0.00389
Exploits: 0, References: 1
Cisco
added 2015/07/22 4:00 p.m., 40 views

Cisco IOS Software TFTP Server Denial of Service Vulnerability

A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability...

CVSS: 7.1, AI score: 6.5, EPSS: 0.02333
Exploits: 0, References: 1
Cisco
added 2015/07/01 4:00 p.m., 40 views

Cisco Unified Communications Domain Manager Default Static Privileged Account Credentials

A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to login with the privileges of the root user and take full control of the affected system. The vulnerability occurs because a privileged account has a default and...

CVSS: 10, AI score: 6.7, EPSS: 0.01948
Exploits: 0, References: 1
Cisco
added 2015/05/13 4:00 p.m., 40 views

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Cisco TelePresence TC and TE Software contains the following vulnerabilities: Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability; Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability. Successful exploitation of the Cisco TelePresence TC and TE...

CVSS: 8.3, AI score: 6.9, EPSS: 0.01901
Exploits: 0, References: 1
Cisco
added 2015/03/25 4:00 p.m., 40 views

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities: Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability...

CVSS: 8.3, AI score: 7.8
Exploits: 0, References: 1
Cisco
added 2015/03/25 4:00 p.m., 40 views

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software UDP CIP Denial of...

CVSS: 7.8, AI score: 6.8
Exploits: 0, References: 1
Cisco
added 2014/09/24 4:00 p.m., 40 views

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker coul...

CVSS: 7.8, AI score: 6.7, EPSS: 0.02778
Exploits: 0, References: 1
Cisco
added 2013/10/09 4:00 p.m., 40 views

Multiple Vulnerabilities in Cisco Firewall Services Module Software

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: Cisco FWSM Command Authorization Vulnerability; SQLNet Inspection Engine Denial of Service Vulnerability. These vulnerabilities are...

CVSS: 7.1, AI score: 6.5
Exploits: 0, References: 1
Cisco
added 2011/09/28 4:00 p.m., 40 views

Cisco IOS Software Network Address Translation Vulnerabilities

The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: NetMeeting Directory (Lightweight Directory Access Protocol, LDAP); Session Initiation Protocol (Multiple vulnerabilities); H.323 protoc...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01787
Exploits: 0, References: 1
Cisco
added 2010/09/22 4:00 p.m., 40 views

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Cisco has released software updates that address these...

CVSS: 7.8, AI score: 6.6
Exploits: 0, References: 1
Cisco
added 2009/03/04 4:00 p.m., 40 views

Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability

CVSS: 7.8, AI score: 6, EPSS: 0.02306
Exploits: 1, References: 1
Cisco
added 2009/02/25 4:00 p.m., 40 views

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

CVSS: 10, AI score: 5.9, EPSS: 0.01839
Exploits: 1, References: 1
Cisco
added 2024/05/22 4:00 p.m., 39 views

Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker coul...

CVSS: 5.8, AI score: 5.7, EPSS: 0.00366
Exploits: 0, References: 1
Cisco
added 2024/02/07 4:00 p.m., 39 views

Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities

Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device. Note: Cisco Expressway Series refers to Cisco Expressway...

CVSS: 9.6, AI score: 8.3, EPSS: 0.00846
Exploits: 0, References: 1
Cisco
added 2023/09/27 4:00 p.m., 39 views

Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This...

CVSS: 8.6, AI score: 7.8, EPSS: 0.00652
Exploits: 0, References: 1
Cisco
added 2023/08/02 4:00 p.m., 39 views

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...

CVSS: 5.8, AI score: 5.6, EPSS: 0.00476
Exploits: 0, References: 1
Cisco
added 2023/06/07 4:00 p.m., 39 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cis...

CVSS: 9.6, AI score: 7.6, EPSS: 0.00914
Exploits: 0, References: 1
Cisco
added 2023/03/22 4:00 p.m., 39 views

Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of...

CVSS: 7.4, AI score: 6.7, EPSS: 0.00303
Exploits: 0, References: 1
Cisco
added 2023/03/22 4:00 p.m., 39 views

Cisco Access Point Software Command Injection Vulnerability

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

CVSS: 4.6, AI score: 6, EPSS: 0.00236
Exploits: 0, References: 1
Cisco
added 2023/01/11 4:00 p.m., 39 views

Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user ...

CVSS: 6.1, AI score: 6, EPSS: 0.00588
Exploits: 0, References: 1
Total number of security vulnerabilities: 5000