Cisco | Most viewed

5226 matches found

Cisco, added 2021/09/08 4:0 p.m., 37 views

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has...

CVSS 7.8 | AI score 7.6 | EPSS 0.00301
Exploits: 0 | References: 1

Cisco, added 2021/09/08 4:0 p.m., 37 views

Cisco IOS XR Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details...

CVSS 6.7 | AI score 7 | EPSS 0.00282
Exploits: 0 | References: 1

Cisco, added 2021/09/08 4:0 p.m., 37 views

Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly...

CVSS 5.8 | AI score 6.5 | EPSS 0.01328
Exploits: 0 | References: 1

Cisco, added 2021/09/01 4:0 p.m., 37 views

Cisco Nexus Insights Authenticated Information Disclosure Vulnerability

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not...

CVSS 4.3 | AI score 4.6 | EPSS 0.00873
Exploits: 0 | References: 1

Cisco, added 2020/11/18 4:0 p.m., 37 views

Cisco IoT Field Network Director Missing API Authentication Vulnerability

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

CVSS 7.5 | AI score 7.4 | EPSS 0.01528
Exploits: 0 | References: 1

Cisco, added 2020/11/04 4:0 p.m., 37 views

Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate...

CVSS 6.4 | AI score 6 | EPSS 0.00641
Exploits: 0 | References: 1

Cisco, added 2020/11/04 4:0 p.m., 37 views

Cisco SD-WAN vManage Software Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVSS 6.5 | AI score 6.3 | EPSS 0.01705
Exploits: 0 | References: 1

Cisco, added 2020/10/21 4:0 p.m., 37 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 8.6 | AI score 8 | EPSS 0.01833
Exploits: 0 | References: 1

Cisco, added 2020/10/21 4:0 p.m., 37 views

Cisco FXOS Software Command Injection Vulnerability

Update from October 23, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 6.7 | AI score 6.7 | EPSS 0.004
Exploits: 0 | References: 1

Cisco, added 2020/09/24 4:0 p.m., 37 views

Cisco IOS XE Software Web UI Authorization Bypass Vulnerability

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this...

CVSS 8.8 | AI score 8.7 | EPSS 0.00981
Exploits: 0 | References: 1

Cisco, added 2020/06/03 4:0 p.m., 37 views

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administrati...

CVSS 8.8 | AI score 1.9 | EPSS 0.05325
Exploits: 0 | References: 1

Cisco, added 2020/06/03 4:0 p.m., 37 views

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid...

CVSS 7.2 | AI score 2.2 | EPSS 0.03531
Exploits: 0 | References: 1

Cisco, added 2020/06/03 4:0 p.m., 37 views

Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an...

CVSS 9.8 | AI score 3.9 | EPSS 0.04471
Exploits: 0 | References: 1

Cisco, added 2020/05/06 4:0 p.m., 37 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The...

CVSS 8.6 | AI score 7.8 | EPSS 0.01918
Exploits: 0 | References: 1

Cisco, added 2020/02/05 4:0 p.m., 37 views

Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

CVSS 8.8 | AI score 1.7 | EPSS 0.03095
Exploits: 0 | References: 1

Cisco, added 2020/01/29 4:0 p.m., 37 views

Cisco Small Business Switches Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could...

CVSS 7.5 | AI score 0.8 | EPSS 0.1027
Exploits: 3 | References: 1

Cisco, added 2020/01/22 4:0 p.m., 37 views

Cisco IOS XE SD-WAN Software Default Credentials Vulnerability

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to ...

CVSS 8.4 | AI score 8.5 | EPSS 0.00333
Exploits: 0 | References: 1

Cisco, added 2019/05/15 4:0 p.m., 37 views

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed ...

CVSS 6.7 | AI score 2.7 | EPSS 0.00463
Exploits: 0 | References: 1

Cisco, added 2019/05/01 4:0 p.m., 37 views

Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. A...

CVSS 8.6 | AI score 1.6 | EPSS 0.01772
Exploits: 0 | References: 1

Cisco, added 2019/05/01 4:0 p.m., 37 views

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-lin...

CVSS 5.3 | AI score 2.4 | EPSS 0.0064
Exploits: 0 | References: 1

Cisco, added 2019/04/17 4:0 p.m., 37 views

Cisco Aironet Series Access Points Directory Traversal Vulnerability

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...

CVSS 4.4 | AI score 2 | EPSS 0.00768
Exploits: 0 | References: 1

Cisco, added 2019/04/17 4:0 p.m., 37 views

Cisco Wireless LAN Controller Software Session Hijacking Vulnerability

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...

CVSS 5.3 | AI score 1.9 | EPSS 0.02041
Exploits: 0 | References: 1

Cisco, added 2018/10/03 4:0 p.m., 37 views

Cisco Unity Connection File Upload Denial of Service Vulnerability

A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of...

CVSS 4.1 | AI score 2.1 | EPSS 0.01823
Exploits: 0 | References: 1

Cisco, added 2018/10/03 4:0 p.m., 37 views

Cisco UCS Director Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...

CVSS 6.1 | AI score 1 | EPSS 0.012
Exploits: 0 | References: 1

Cisco, added 2018/07/18 4:0 p.m., 37 views

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability

A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affect...

CVSS 8.6 | AI score 1.7 | EPSS 0.02518
Exploits: 0 | References: 1

Cisco, added 2018/06/20 4:0 p.m., 37 views

Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...

CVSS 8.6 | AI score 1.7 | EPSS 0.01919
Exploits: 0 | References: 1

Cisco, added 2018/06/06 4:0 p.m., 37 views

Cisco Prime Collaboration Provisioning Access Control Vulnerability

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictio...

CVSS 8.8 | AI score 2.9 | EPSS 0.02625
Exploits: 0 | References: 1

Cisco, added 2018/05/16 4:0 p.m., 37 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

CVSS 4.2 | AI score 2.7 | EPSS 0.00684
Exploits: 0 | References: 1

Cisco, added 2018/05/16 4:0 p.m., 37 views

Cisco SocialMiner Notification System Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit th...

CVSS 5.3 | AI score 1.8 | EPSS 0.01676
Exploits: 0 | References: 1

Cisco, added 2018/05/16 4:0 p.m., 37 views

Cisco Digital Network Architecture Center Unauthorized Access Vulnerability

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container...

CVSS 10 | AI score 2.5 | EPSS 0.05398
Exploits: 0 | References: 1

Cisco, added 2018/05/02 4:0 p.m., 37 views

Cisco Secure Access Control System Remote Code Execution Vulnerability

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...

CVSS 9.8 | AI score 9.7 | EPSS 0.07073
Exploits: 0 | References: 1

Cisco, added 2018/05/02 4:0 p.m., 37 views

Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input...

CVSS 7.4 | AI score 2.1 | EPSS 0.00523
Exploits: 0 | References: 1

Cisco, added 2017/11/29 4:0 p.m., 37 views

Cisco NX-OS System Software Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit thi...

CVSS 6.7 | AI score 6.4 | EPSS 0.00227
Exploits: 0 | References: 1

Cisco, added 2017/10/18 4:0 p.m., 37 views

Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...

CVSS 4.4 | AI score 4.4 | EPSS 0.00367
Exploits: 0 | References: 1

Cisco, added 2017/10/18 4:0 p.m., 37 views

Cisco WebEx Meetings Server Denial of Service Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this...

CVSS 5.8 | AI score 8.5 | EPSS 0.02297
Exploits: 0 | References: 1

Cisco, added 2017/09/20 4:0 p.m., 37 views

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted,...

CVSS 8.6 | AI score 7 | EPSS 0.01666
Exploits: 0 | References: 1

Cisco, added 2017/09/06 4:0 p.m., 37 views

Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this...

CVSS 6.3 | AI score 5.3 | EPSS 0.01647
Exploits: 0 | References: 1

Cisco, added 2017/08/23 4:0 p.m., 37 views

Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability ...

CVSS 6.7 | AI score 6.9 | EPSS 0.00841
Exploits: 0 | References: 1

Cisco, added 2017/08/16 4:0 p.m., 37 views

Cisco Prime Infrastructure HTML Injection Vulnerability

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An...

CVSS 5.4 | AI score 5.6 | EPSS 0.00891
Exploits: 0 | References: 1

Cisco, added 2017/08/16 4:0 p.m., 37 views

Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...

CVSS 4.9 | AI score 6.3 | EPSS 0.01203
Exploits: 0 | References: 1

Cisco, added 2017/07/05 4:0 p.m., 37 views

Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...

CVSS 5.3 | AI score 5.3 | EPSS 0.01702
Exploits: 0 | References: 1

Cisco, added 2017/03/22 4:0 p.m., 37 views

Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted...

CVSS 8.6 | AI score 7.8 | EPSS 0.02479
Exploits: 0 | References: 1

Cisco, added 2017/01/18 4:0 p.m., 37 views

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. The vulnerability is due to incomplete input validation of email message...

CVSS 5.8 | AI score 5.8 | EPSS 0.01525
Exploits: 0 | References: 1

Cisco, added 2017/01/18 4:0 p.m., 37 views

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed I...

CVSS 5.3 | AI score 5.3 | EPSS 0.02943
Exploits: 0 | References: 1

Cisco, added 2016/11/02 4:0 p.m., 37 views

Cisco TelePresence Endpoints Local Command Injection Vulnerability

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. The vulnerability is due to incomplete input sanitization of some commands. An attacker could exploit this...

CVSS 4.6 | AI score 6 | EPSS 0.00739
Exploits: 0 | References: 1

Cisco, added 2016/10/12 4:0 p.m., 37 views

Cisco Finesse Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS 4.3 | AI score 8.9 | EPSS 0.00927
Exploits: 0 | References: 1

Cisco, added 2016/08/03 4:0 p.m., 37 views

Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability

A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device...

CVSS 9 | AI score 9 | EPSS 0.02331
Exploits: 0 | References: 1

Cisco, added 2016/04/12 6:53 p.m., 37 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits: 0 | References: 1

Cisco, added 2016/02/15 2:0 p.m., 37 views

Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability

A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted CD...

CVSS 6.1 | AI score 6.4 | EPSS 0.0073
Exploits: 0 | References: 1

Cisco, added 2016/01/27 5:21 p.m., 37 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection (UC) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by...

CVSS 4.3 | AI score 6 | EPSS 0.00773
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000