Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

8.2CVSS8.2AI score0.00411EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Small Business 300 Series Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerability exists because the affect...

6.1CVSS1.2AI score0.00801EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability

A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending...

4.3CVSS1.3AI score0.0045EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Prime Infrastructure Information Disclosure Vulnerability

A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by...

4.3CVSS0.7AI score0.01008EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/20 4:0 p.m.36 views

Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...

8.6CVSS1.7AI score0.01919EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.36 views

Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachme...

9.6CVSS9.6AI score0.03247EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.36 views

Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to incomplete input...

7.4CVSS2.1AI score0.00523EPSS
Exploits0References1
Cisco
Cisco
added 2018/03/28 4:0 p.m.36 views

Cisco IOS XE Software REST API Authorization Bypass Vulnerability

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...

5CVSS2.6AI score0.01329EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.36 views

Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

4.4CVSS4.6AI score0.00325EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.36 views

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

5.3CVSS5.1AI score0.02247EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/27 4:0 p.m.36 views

Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability

A vulnerability in the Virtual Private LAN Service VPLS code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service DoS condition. The...

7.4CVSS6.6AI score0.02034EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/06 4:0 p.m.36 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1CVSS6AI score0.00868EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/06 4:0 p.m.36 views

Cisco Yes Set-Top Box Denial of Service vulnerability

A vulnerability in the HTTP remote procedure call RPC service of set-top box STB receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the firmware of an affected...

7.5CVSS7.6AI score0.01738EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/06 4:0 p.m.36 views

Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability

A vulnerability in the IPv6 Simple Network Management Protocol SNMP code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this...

6.3CVSS5.3AI score0.01647EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/23 4:0 p.m.36 views

Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability ...

6.7CVSS6.9AI score0.00841EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.36 views

Cisco Prime Infrastructure HTML Injection Vulnerability

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An...

5.4CVSS5.6AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.36 views

Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

5.7CVSS5.8AI score0.00345EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.36 views

Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability

A vulnerability in the Elastic Services Controller ESC web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...

4.9CVSS6.3AI score0.01203EPSS
Exploits0References1
Cisco
Cisco
added 2017/07/05 4:0 p.m.36 views

Cisco Identity Services Engine Guest Portal Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected device. The vulnerability is due to insufficient...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/19 4:0 p.m.36 views

Cisco FindIT Network Probe Information Disclosure Vulnerability

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control RB...

6.5CVSS6.5AI score0.01738EPSS
Exploits0References1
Cisco
Cisco
added 2017/03/22 4:0 p.m.36 views

Cisco IOS XE Software Web User Interface Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attack...

8.6CVSS7.7AI score0.02479EPSS
Exploits0References1
Cisco
Cisco
added 2017/02/15 4:0 p.m.36 views

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

5.8CVSS5.7AI score0.01935EPSS
Exploits0References1
Cisco
Cisco
added 2017/02/01 4:0 p.m.36 views

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficie...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/25 4:0 p.m.36 views

Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service DoS condition. The vulnerability is du...

8.6CVSS8.7AI score0.03491EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/25 4:0 p.m.36 views

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance ASA CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service DoS condition. The...

8.6CVSS8.5AI score0.02662EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/18 4:0 p.m.36 views

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed I...

5.3CVSS5.3AI score0.02943EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/18 4:0 p.m.36 views

Cisco WebEx Meetings Server Command Bypass Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. The vulnerability is due to insufficient security configurations of bash in interactive mode. An attacker could exploit this vulnerability by...

5.4CVSS7.2AI score0.01895EPSS
Exploits0References1
Cisco
Cisco
added 2016/12/07 4:0 p.m.36 views

Cisco IOS Frame Forwarding Denial of Service Vulnerability

A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could...

6.1CVSS6.4AI score0.00641EPSS
Exploits0References1
Cisco
Cisco
added 2016/11/16 4:0 p.m.36 views

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service DoS condition. The vulnerability is due to...

5CVSS7.5AI score0.02585EPSS
Exploits0References1
Cisco
Cisco
added 2016/11/02 4:0 p.m.36 views

Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability

A vulnerability in the Session Description Protocol SDP parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media...

7.5CVSS10AI score0.03984EPSS
Exploits0References1
Cisco
Cisco
added 2016/09/07 4:0 p.m.36 views

Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...

5CVSS5.3AI score0.01244EPSS
Exploits0References1
Cisco
Cisco
added 2016/08/17 4:0 p.m.36 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation for some of t...

4.3CVSS6.1AI score0.0085EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/30 5:30 p.m.36 views

Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability

A vulnerability in Cisco Configuration Assistant CCA could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication. The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could...

5.8CVSS8.4AI score0.0112EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/22 2:0 p.m.36 views

Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability

A vulnerability in the Message Filter and Content Filter of the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to improper handling of content in .zip files. An attacker could...

4.3CVSS7.6AI score0.01219EPSS
Exploits0References1
Cisco
Cisco
added 2016/05/31 10:30 a.m.36 views

Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability

A vulnerability in the Clam AntiVirus ClamAV software that is used by Cisco Advance Malware Protection AMP for Cisco Email Security Appliances ESAs and Cisco Web Security Appliances WSAs could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due ...

5CVSS7.3AI score0.03406EPSS
Exploits0References1
Cisco
Cisco
added 2016/03/23 4:0 p.m.36 views

Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

A vulnerability in the Locator/ID Separation Protocol LISP of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an...

7.8CVSS7.7AI score0.03717EPSS
Exploits0References1
Cisco
Cisco
added 2016/02/24 4:0 p.m.36 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface CLI command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...

8.5CVSS9.1AI score0.02801EPSS
Exploits0References1
Cisco
Cisco
added 2015/12/10 12:0 a.m.36 views

Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vulnerability

A vulnerability in the SSH management interface of the Cisco Unified Computing System UCS 6200 Series Fabric Interconnect Series Switch could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because a fabric interconnect interface might not boot completely up o...

5.4CVSS6.8AI score0.02333EPSS
Exploits0References1
Cisco
Cisco
added 2015/12/02 12:0 a.m.36 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation...

4.3CVSS5.7AI score0.0136EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 9:46 p.m.36 views

Cisco Firepower 9000 Series Switch Clickjacking Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...

5CVSS6.6AI score0.00838EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 12:0 a.m.36 views

Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Firepower 9000 devices could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...

4.3CVSS5.7AI score0.00961EPSS
Exploits0References1
Cisco
Cisco
added 2015/10/26 10:0 a.m.36 views

Cisco Unified Border Element Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP functionality of Cisco Unified Border Element CUBE could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...

5CVSS6.7AI score0.01966EPSS
Exploits0References1
Cisco
Cisco
added 2015/09/23 4:0 p.m.36 views

Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability

A vulnerability in the SSH version 2 SSHv2 protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...

9.3CVSS6.7AI score0.04388EPSS
Exploits0References1
Cisco
Cisco
added 2015/09/18 2:17 p.m.36 views

Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability

A vulnerability in the Secure Shell SSH feature of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to cause a partial denial of service DoS condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...

4CVSS6.9AI score0.0159EPSS
Exploits0References1
Cisco
Cisco
added 2015/05/26 6:46 p.m.36 views

Cisco IP Phone 7861 Denial of Service Vulnerability

A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...

5.4CVSS6.4AI score0.01952EPSS
Exploits0References1
Cisco
Cisco
added 2015/05/14 3:56 p.m.36 views

Cisco Access Control Server File Inclusion Vulnerability

A vulnerability in Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...

4.3CVSS7AI score0.0111EPSS
Exploits0References1
Cisco
Cisco
added 2015/04/15 4:0 p.m.36 views

Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability

A vulnerability in a Cisco-signed Java Archive JAR executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privilege...

9.3CVSS7.4AI score0.03074EPSS
Exploits0References1
Cisco
Cisco
added 2015/03/25 4:0 p.m.36 views

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

A vulnerability within the virtual routing and forwarding VRF subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 ICMPv4 messages received on ...

7.8CVSS6.7AI score0.01694EPSS
Exploits0References1
Cisco
Cisco
added 2014/12/22 5:24 p.m.36 views

Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability

A vulnerability in Cisco Enterprise Content Delivery System ECDS could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...

5CVSS6.5AI score0.02863EPSS
Exploits0References1
Cisco
Cisco
added 2014/05/19 5:5 p.m.36 views

Cisco Adaptive Security Appliance Software Crafter RADIUS Packets Denial of Service Vulnerability

A vulnerability in the implementation of the Remote Authentication Dial-in User Services RADIUS code of Cisco ASA Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to insufficient validation of RADIUS packets including crafted...

6.3CVSS6.5AI score0.01178EPSS
Exploits0References1
Total number of security vulnerabilities5000