Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
added 2019/05/15 4:0 p.m.36 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to...

6.5CVSS1AI score0.13856EPSS
Exploits1References1
Cisco
Cisco
added 2019/04/17 4:0 p.m.36 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The vulnerability is due...

6.8CVSS1.8AI score0.01697EPSS
Exploits0References1
Cisco
Cisco
added 2019/04/17 4:0 p.m.36 views

Cisco Directory Connector Search Order Hijacking Vulnerability

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their...

5.1CVSS0.8AI score0.00383EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

8.2CVSS8.2AI score0.00411EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.36 views

Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...

8.1CVSS2AI score0.01511EPSS
Exploits0References1
Cisco
Cisco
added 2018/09/26 4:0 p.m.36 views

Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...

6.4CVSS2.1AI score0.00361EPSS
Exploits0References1
Cisco
Cisco
added 2018/09/05 4:0 p.m.36 views

Cisco Webex Player WRF Files Denial of Service Vulnerability

A vulnerability in the Cisco Webex Player for Webex Recording Format WRF files could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and...

5.5CVSS1AI score0.01716EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.36 views

Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

5.1CVSS1.1AI score0.00413EPSS
Exploits0References1
Cisco
Cisco
added 2018/03/28 4:0 p.m.36 views

Cisco IOS XE Software REST API Authorization Bypass Vulnerability

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...

5CVSS2.6AI score0.01329EPSS
Exploits0References1
Cisco
Cisco
added 2018/03/07 4:0 p.m.36 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

6.1CVSS2.6AI score0.00868EPSS
Exploits0References1
Cisco
Cisco
added 2018/02/07 4:0 p.m.36 views

Cisco Policy Suite RADIUS Authentication Bypass Vulnerability

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user...

7.2CVSS7.1AI score0.0108EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.36 views

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

5.7CVSS6.3AI score0.007EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/20 4:0 p.m.36 views

Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability

A vulnerability in the Operations, Administration, Maintenance, and Provisioning OAMP credential reset functionality for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation...

8.8CVSS8.8AI score0.02182EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/13 4:0 p.m.36 views

Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

9.1CVSS9.4AI score0.03134EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.36 views

Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability

A vulnerability in SNMP polling for the Cisco Web Security Appliance WSA, Email Security Appliance ESA, and Content Security Management Appliance SMA could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...

4.3CVSS4.4AI score0.01339EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/02 4:0 p.m.36 views

Cisco Finesse Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...

6.1CVSS6AI score0.01234EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/02 4:0 p.m.36 views

Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery CSRF attacks. An attacker could exploit this...

6.5CVSS9AI score0.00831EPSS
Exploits0References1
Cisco
Cisco
added 2017/06/21 4:0 p.m.36 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web application interface of the Cisco Identity Services Engine ISE portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

6.1CVSS6.2AI score0.0128EPSS
Exploits0References1
Cisco
Cisco
added 2017/02/15 4:0 p.m.36 views

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

5.8CVSS5.7AI score0.01935EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/25 4:0 p.m.36 views

Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service DoS condition. The vulnerability is du...

8.6CVSS8.7AI score0.03491EPSS
Exploits0References1
Cisco
Cisco
added 2017/01/18 4:0 p.m.36 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against an administrative user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing...

5.3CVSS9AI score0.01121EPSS
Exploits0References1
Cisco
Cisco
added 2016/12/07 4:0 p.m.36 views

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 IKEv2 feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit...

5CVSS7.5AI score0.0348EPSS
Exploits0References1
Cisco
Cisco
added 2016/12/07 4:0 p.m.36 views

Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability

A vulnerability in the Cisco application-hosting framework CAF of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability...

6.8CVSS6.4AI score0.02517EPSS
Exploits0References1
Cisco
Cisco
added 2016/12/07 4:0 p.m.36 views

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router ASR 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit NPU process. The vulnerability is due to lack of proper input...

5CVSS7.5AI score0.0348EPSS
Exploits0References1
Cisco
Cisco
added 2016/12/07 4:0 p.m.36 views

Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Management Security Appliance SMA could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...

4.3CVSS5.7AI score0.01121EPSS
Exploits0References1
Cisco
Cisco
added 2016/11/02 4:0 p.m.36 views

Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability

A vulnerability in the Session Description Protocol SDP parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media...

7.5CVSS10AI score0.03984EPSS
Exploits0References1
Cisco
Cisco
added 2016/08/31 4:0 p.m.36 views

Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability

A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is du...

7.8CVSS7.6AI score0.03045EPSS
Exploits0References1
Cisco
Cisco
added 2016/08/17 4:0 p.m.36 views

Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could...

4.3CVSS6.1AI score0.01417EPSS
Exploits0References1
Cisco
Cisco
added 2016/08/03 4:0 p.m.36 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to the failure to properly sanitize user input passed to the...

6CVSS9AI score0.02894EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/30 5:30 p.m.36 views

Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability

A vulnerability in Cisco Configuration Assistant CCA could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication. The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could...

5.8CVSS8.4AI score0.0112EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/17 12:0 a.m.36 views

Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol LLDP packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...

6.1CVSS6.5AI score0.00574EPSS
Exploits0References1
Cisco
Cisco
added 2016/05/31 10:30 a.m.36 views

Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability

A vulnerability in the Clam AntiVirus ClamAV software that is used by Cisco Advance Malware Protection AMP for Cisco Email Security Appliances ESAs and Cisco Web Security Appliances WSAs could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due ...

5CVSS7.3AI score0.03406EPSS
Exploits0References1
Cisco
Cisco
added 2016/05/04 4:0 p.m.36 views

Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability

A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance ASA 5585-X FirePOWER Security Services Processor SSP module could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high consumption of...

7.8CVSS7.5AI score0.01931EPSS
Exploits0References1
Cisco
Cisco
added 2016/05/04 4:0 p.m.36 views

Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability

A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service DoS condition. The vulnerability is due to improper packet...

7.8CVSS7.6AI score0.01649EPSS
Exploits0References1
Cisco
Cisco
added 2016/03/23 4:0 p.m.36 views

Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

A vulnerability in the Locator/ID Separation Protocol LISP of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an...

7.8CVSS7.7AI score0.03717EPSS
Exploits0References1
Cisco
Cisco
added 2016/02/24 9:0 p.m.36 views

Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page. The vulnerability is due to verbose output returned when HTML files are retrieved...

5CVSS5.1AI score0.01061EPSS
Exploits0References1
Cisco
Cisco
added 2016/01/04 1:30 p.m.36 views

Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability

A vulnerability in Open Shortest Path First OSPF Link State Advertisement LSA handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the number of OSPF Path Computation Elements PCEs that are...

5CVSS7.5AI score0.01765EPSS
Exploits0References1
Cisco
Cisco
added 2015/12/09 10:30 a.m.36 views

Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability

A vulnerability in Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the version of Cisco FirePOWER Management Center software that is running on an affected system. An attacker could use this information to conduct reconnaissance attack...

5CVSS6.1AI score0.01196EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/20 11:0 a.m.36 views

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery CSRF protections. An attacker could exploit this vulnerability by persuading a user of...

4.3CVSS6.8AI score0.00587EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/03 5:53 p.m.36 views

Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability

A vulnerability in the WeChat page of Cisco Social Miner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of the...

4.3CVSS6.7AI score0.01372EPSS
Exploits0References1
Cisco
Cisco
added 2015/10/26 10:0 a.m.36 views

Cisco Unified Border Element Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP functionality of Cisco Unified Border Element CUBE could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...

5CVSS6.7AI score0.01966EPSS
Exploits0References1
Cisco
Cisco
added 2015/10/12 10:0 p.m.36 views

Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability

A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploi...

4.3CVSS6.3AI score0.00364EPSS
Exploits0References1
Cisco
Cisco
added 2015/10/08 9:30 p.m.36 views

Cisco Prime Renegotiation Request Denial of Service Vulnerability

A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...

5CVSS7.6AI score0.02005EPSS
Exploits0References1
Cisco
Cisco
added 2015/09/18 2:17 p.m.36 views

Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability

A vulnerability in the Secure Shell SSH feature of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to cause a partial denial of service DoS condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...

4CVSS6.9AI score0.0159EPSS
Exploits0References1
Cisco
Cisco
added 2015/07/22 4:0 p.m.36 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller APIC and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper...

8.5CVSS6.6AI score0.02246EPSS
Exploits0References1
Cisco
Cisco
added 2015/05/26 6:46 p.m.36 views

Cisco IP Phone 7861 Denial of Service Vulnerability

A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...

5.4CVSS6.4AI score0.01952EPSS
Exploits0References1
Cisco
Cisco
added 2015/05/14 3:56 p.m.36 views

Cisco Access Control Server File Inclusion Vulnerability

A vulnerability in Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...

4.3CVSS7AI score0.0111EPSS
Exploits0References1
Cisco
Cisco
added 2015/04/15 4:0 p.m.36 views

Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability

A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers ASR could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only...

7.1CVSS6.9AI score0.03427EPSS
Exploits0References1
Cisco
Cisco
added 2015/03/25 4:0 p.m.36 views

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

A vulnerability within the virtual routing and forwarding VRF subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 ICMPv4 messages received on ...

7.8CVSS6.7AI score0.01681EPSS
Exploits0References1
Cisco
Cisco
added 2014/12/22 5:24 p.m.36 views

Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability

A vulnerability in Cisco Enterprise Content Delivery System ECDS could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...

5CVSS6.5AI score0.02863EPSS
Exploits0References1
Total number of security vulnerabilities5000