
5226 matches found

Cisco
Added 2019/01/23 4:00 p.m. • 126 views

Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system’s logging database. An attacker could exploit th...

CVSS 6.1 • AI score 5.9 • EPSS 0.01079
Exploits: 0 • References: 1

Cisco
Added 2018/12/19 4:00 p.m. • 125 views

Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...

CVSS 8.1 • AI score 8.1 • EPSS 0.02362
Exploits: 1 • References: 1

Cisco
Added 2023/02/15 4:00 p.m. • 124 views

ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

CVSS 9.8 • AI score 9.7 • EPSS 0.29314
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 124 views

Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability

A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...

CVSS 5.3 • AI score 1.5 • EPSS 0.00321
Exploits: 0 • References: 1

Cisco
Added 2014/09/26 1:00 a.m. • 124 views

GNU Bash Environment Variable Command Injection Vulnerability

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

CVSS 6.5 • AI score 8.6
Exploits: 0 • References: 1

Cisco
Added 2020/01/02 4:00 p.m. • 123 views

Cisco Data Center Network Manager SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...

CVSS 7.2 • AI score 1.4 • EPSS 0.46935
Exploits: 10 • References: 1

Cisco
Added 2019/07/17 4:00 p.m. • 123 views

Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by...

CVSS 6.6 • AI score 2.5 • EPSS 0.00472
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 123 views

Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for...

CVSS 7.7 • AI score 2.2 • EPSS 0.01513
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 123 views

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol S...

CVSS 5.3 • AI score 2.1 • EPSS 0.01317
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 123 views

Cisco Small Business Series Switches HTTP Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web...

CVSS 7.5 • AI score 7.6 • EPSS 0.01772
Exploits: 0 • References: 1

Cisco
Added 2021/05/19 4:00 p.m. • 122 views

Cisco ADE-OS Local File Inclusion Vulnerability

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

CVSS 4.4 • AI score 4.4 • EPSS 0.00212
Exploits: 0 • References: 1

Cisco
Added 2021/03/24 4:00 p.m. • 122 views

Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code Execution Vulnerability

A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an...

CVSS 8.1 • AI score 9.5 • EPSS 0.03209
Exploits: 0 • References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 122 views

Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this...

CVSS 7.3 • AI score 1.1 • EPSS 0.01574
Exploits: 1 • References: 1

Cisco
Added 2019/10/02 4:00 p.m. • 121 views

Cisco Security Manager Java Deserialization Vulnerability

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS 6.5 • AI score 3 • EPSS 0.65846
Exploits: 0 • References: 1

Cisco
Added 2019/07/17 4:00 p.m. • 121 views

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition...

CVSS 7.4 • AI score 2.1 • EPSS 0.00797
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 121 views

Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could...

CVSS 8.6 • AI score 1.5 • EPSS 0.01347
Exploits: 0 • References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 121 views

Cisco NX-OS Software Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could...

CVSS 8.6 • AI score 1.6 • EPSS 0.14166
Exploits: 0 • References: 1

Cisco
Added 2019/01/23 4:00 p.m. • 121 views

Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 4.7 • AI score 2.4 • EPSS 0.00588
Exploits: 0 • References: 1

Cisco
Added 2015/06/12 4:00 p.m. • 121 views

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research. Multiple Cisco products incorporate a version of the OpenSSL package affected by one...

CVSS 7.8 • AI score 7.2
Exploits: 0 • References: 1

Cisco
Added 2023/08/08 3:00 p.m. • 120 views

Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client

On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that...

CVSS 7.3 • AI score 5.9 • EPSS 0.00681
Exploits: 2 • References: 1

Cisco
Added 2019/06/05 4:00 p.m. • 120 views

Cisco IOS XR Software Secure Shell Authentication Vulnerability

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...

CVSS 5.4 • AI score 0.8 • EPSS 0.01208
Exploits: 0 • References: 1

Cisco
Added 2019/01/23 4:00 p.m. • 120 views

Cisco Webex Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation...

CVSS 6.1 • AI score 1.2 • EPSS 0.00918
Exploits: 0 • References: 1

Cisco
Added 2019/01/09 4:00 p.m. • 120 views

Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The...

CVSS 8.6 • AI score 1.1 • EPSS 0.02516
Exploits: 0 • References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 119 views

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to...

CVSS 6.1 • AI score 1.3 • EPSS 0.01211
Exploits: 0 • References: 1

Cisco
Added 2025/10/15 4:00 p.m. • 118 views

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive information or to restart. For more information about these...

CVSS 6.5 • AI score 7.1 • EPSS 0.00396
Exploits: 0 • References: 1

Cisco
Added 2019/06/19 4:00 p.m. • 118 views

Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

CVSS 8.8 • AI score 2 • EPSS 0.0189
Exploits: 0 • References: 1

Cisco
Added 2021/01/13 4:00 p.m. • 117 views

Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...

CVSS 8.8 • AI score 8.7 • EPSS 0.01409
Exploits: 0 • References: 1

Cisco
Added 2019/09/25 4:00 p.m. • 117 views

Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...

CVSS 8.6 • AI score 1.4 • EPSS 0.01973
Exploits: 0 • References: 1

Cisco
Added 2019/06/05 4:00 p.m. • 117 views

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the...

CVSS 5.3 • AI score 2.2 • EPSS 0.01516
Exploits: 0 • References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 117 views

Cisco HyperFlex Software Command Injection Vulnerability

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster...

CVSS 8.8 • AI score 1.8 • EPSS 0.01133
Exploits: 0 • References: 1

Cisco
Added 2019/01/09 4:00 p.m. • 117 views

Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this...

CVSS 6.8 • AI score 6.8 • EPSS 0.02004
Exploits: 0 • References: 1

Cisco
Added 2018/09/26 4:00 p.m. • 117 views

Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could...

CVSS 7.4 • AI score 2.2 • EPSS 0.00952
Exploits: 0 • References: 1

Cisco
Added 2018/09/05 4:00 p.m. • 117 views

Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrar...

CVSS 9.8 • AI score 2.2 • EPSS 0.06765
Exploits: 0 • References: 1

Cisco
Added 2016/09/28 4:00 p.m. • 117 views

Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an...

CVSS 7.1 • AI score 8 • EPSS 0.04603
Exploits: 0 • References: 1

Cisco
Added 2021/04/28 4:00 p.m. • 116 views

Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validati...

CVSS 8.6 • AI score 8.4 • EPSS 0.01386
Exploits: 0 • References: 1

Cisco
Added 2019/07/03 4:00 p.m. • 116 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

CVSS 7.4 • AI score 0.7 • EPSS 0.00633
Exploits: 0 • References: 1

Cisco
Added 2019/06/05 4:00 p.m. • 116 views

Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...

CVSS 5.4 • AI score 0.6 • EPSS 0.00893
Exploits: 0 • References: 1

Cisco
Added 2019/01/23 4:00 p.m. • 116 views

Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advance...

CVSS 7.8 • AI score 2.2 • EPSS 0.0148
Exploits: 0 • References: 1

Cisco
Added 2019/01/09 4:00 p.m. • 116 views

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt...

CVSS 8.6 • AI score 8.8 • EPSS 0.02287
Exploits: 0 • References: 1

Cisco
Added 2019/10/02 4:00 p.m. • 115 views

Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An...

CVSS 7.5 • AI score 8.2 • EPSS 0.03123
Exploits: 0 • References: 1

Cisco
Added 2019/06/19 4:00 p.m. • 115 views

Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...

CVSS 7.8 • AI score 2.6 • EPSS 0.00419
Exploits: 0 • References: 1

Cisco
Added 2019/05/15 4:00 p.m. • 115 views

Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly...

CVSS 8.6 • AI score 1.5 • EPSS 0.02617
Exploits: 0 • References: 1

Cisco
Added 2019/03/20 4:00 p.m. • 115 views

Cisco IP Phone 8800 Series Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists...

CVSS 7.5 • AI score 7.7 • EPSS 0.01939
Exploits: 0 • References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 115 views

Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this...

CVSS 8.2 • AI score 1.8 • EPSS 0.01781
Exploits: 0 • References: 1

Cisco
Added 2004/04/20 9:00 p.m. • 115 views

TCP Vulnerabilities in Multiple Non-IOS Cisco Products

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the...

CVSS 5 • AI score 8.7 • EPSS 0.80855
Exploits: 3 • References: 1 • Affected Software: 32

Cisco
Added 2022/08/10 4:00 p.m. • 114 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key...

CVSS 7.4 • AI score 7.7 • EPSS 0.16647
Exploits: 0 • References: 1

Cisco
Added 2019/08/28 4:00 p.m. • 114 views

Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that over time can deplete system memory. When there is no syst...

CVSS 7.7 • AI score 0.8 • EPSS 0.01515
Exploits: 0 • References: 1

Cisco
Added 2019/06/19 4:00 p.m. • 114 views

Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denia...

CVSS 8.6 • AI score 2.3 • EPSS 0.02233
Exploits: 0 • References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 114 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

CVSS 7.8 • AI score 2.5 • EPSS 0.0031
Exploits: 0 • References: 1

Cisco
Added 2019/01/09 4:00 p.m. • 114 views

Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...

CVSS 7.3 • AI score 8.6 • EPSS 0.02174
Exploits: 0 • References: 1

Total number of security vulnerabilities: 5000