Cisco: Most viewed

5226 matches found

Cisco
added 2021/09/22 4:00 p.m. | 32 views

Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this...

CVSS 6.5 | AI score 6.6 | EPSS 0.00944
Exploits: 0 | References: 1

Cisco
added 2021/09/22 4:00 p.m. | 32 views

Cisco SD-WAN Software Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an...

CVSS 5.5 | AI score 5.5 | EPSS 0.00225
Exploits: 0 | References: 1

Cisco
added 2020/10/21 4:00 p.m. | 32 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 8.6 | AI score 8.5 | EPSS 0.01895
Exploits: 0 | References: 1

Cisco
added 2020/09/24 4:00 p.m. | 32 views

Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker...

CVSS 8.6 | AI score 8.5 | EPSS 0.0151
Exploits: 0 | References: 1

Cisco
added 2020/08/26 4:00 p.m. | 32 views

Cisco NX-OS Software Call Home Command Injection Vulnerability

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call...

CVSS 7.2 | AI score 1.6 | EPSS 0.02584
Exploits: 0 | References: 1

Cisco
added 2020/08/19 4:00 p.m. | 32 views

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when t...

CVSS 8.8 | AI score 8.9
Exploits: 0 | References: 1

Cisco
added 2020/08/19 4:00 p.m. | 32 views

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could...

CVSS 8.8 | AI score 9 | EPSS 0.01792
Exploits: 0 | References: 1

Cisco
added 2020/08/19 4:00 p.m. | 32 views

Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...

CVSS 9.8 | AI score 9.5 | EPSS 0.01389
Exploits: 0 | References: 1

Cisco
added 2020/05/06 4:00 p.m. | 32 views

Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected...

CVSS 8.6 | AI score 8.7 | EPSS 0.01956
Exploits: 0 | References: 1

Cisco
added 2020/05/06 4:00 p.m. | 32 views

Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition...

CVSS 5.3 | AI score 5.5 | EPSS 0.01675
Exploits: 0 | References: 1

Cisco
added 2020/04/15 4:00 p.m. | 32 views

Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficien...

CVSS 8.6 | AI score 1.5 | EPSS 0.01434
Exploits: 0 | References: 1

Cisco
added 2020/04/15 4:00 p.m. | 32 views

Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details...

CVSS 9.8 | AI score 8.4 | EPSS 0.88374
Exploits: 7 | References: 1

Cisco
added 2020/02/05 4:00 p.m. | 32 views

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing...

CVSS 8.8 | AI score 1.7 | EPSS 0.05728
Exploits: 0 | References: 1

Cisco
added 2020/01/22 4:00 p.m. | 32 views

Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that...

CVSS 7.4 | AI score 6.7 | EPSS 0.01066
Exploits: 0 | References: 1

Cisco
added 2020/01/08 4:00 p.m. | 32 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to...

CVSS 6.1 | AI score 1.2 | EPSS 0.00801
Exploits: 0 | References: 1

Cisco
added 2019/05/01 4:00 p.m. | 32 views

Cisco Prime Network Registrar Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...

CVSS 6.1 | AI score 1.4 | EPSS 0.01057
Exploits: 0 | References: 1

Cisco
added 2019/04/17 4:00 p.m. | 32 views

Cisco Prime Network Registrar Denial of Service Vulnerability

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...

CVSS 8.6 | AI score 1.2 | EPSS 0.02443
Exploits: 0 | References: 1

Cisco
added 2018/09/05 4:00 p.m. | 32 views

Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

CVSS 6.5 | AI score 0.9 | EPSS 0.01895
Exploits: 0 | References: 1

Cisco
added 2018/08/15 4:00 p.m. | 32 views

Cisco Digital Network Architecture Center Command Injection Vulnerability

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this...

CVSS 6.5 | AI score 2.3 | EPSS 0.0614
Exploits: 0 | References: 1

Cisco
added 2018/06/06 4:00 p.m. | 32 views

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of...

CVSS 7.5 | AI score 1.2 | EPSS 0.0254
Exploits: 0 | References: 1

Cisco
added 2018/06/06 4:00 p.m. | 32 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...

CVSS 6.1 | AI score 1.6 | EPSS 0.01783
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:00 p.m. | 32 views

Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...

CVSS 5.8 | AI score 1.5 | EPSS 0.03381
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:00 p.m. | 32 views

Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could...

CVSS 6.1 | AI score 1 | EPSS 0.01783
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:00 p.m. | 32 views

Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...

CVSS 8.1 | AI score 3.1 | EPSS 0.00719
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:00 p.m. | 32 views

Cisco Firepower Threat Defense Software Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets...

CVSS 5.8 | AI score 5.8 | EPSS 0.01229
Exploits: 0 | References: 1

Cisco
added 2018/05/02 4:00 p.m. | 32 views

Cisco Meeting Server Remote Code Execution Vulnerability

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces an...

CVSS 8.8 | AI score 1.4 | EPSS 0.04152
Exploits: 0 | References: 1

Cisco
added 2018/02/07 4:00 p.m. | 32 views

Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...

CVSS 6.5 | AI score 1.7 | EPSS 0.01573
Exploits: 0 | References: 1

Cisco
added 2017/10/18 4:00 p.m. | 32 views

Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

CVSS 4.2 | AI score 6.8 | EPSS 0.00447
Exploits: 0 | References: 1

Cisco
added 2017/09/27 4:00 p.m. | 32 views

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of t...

CVSS 9.9 | AI score 8.7 | EPSS 0.03175
Exploits: 0 | References: 1

Cisco
added 2017/09/06 4:00 p.m. | 32 views

Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...

CVSS 6.5 | AI score 6.4 | EPSS 0.01526
Exploits: 0 | References: 1

Cisco
added 2017/09/06 4:00 p.m. | 32 views

Cisco Prime LAN Management Solution Session Fixation Vulnerability

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. ...

CVSS 4.3 | AI score 6.5 | EPSS 0.01961
Exploits: 0 | References: 1

Cisco
added 2017/09/06 4:00 p.m. | 32 views

Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart. The vulnerability is due to insufficient rate-limiting protection...

CVSS 7.5 | AI score 7.5 | EPSS 0.01738
Exploits: 0 | References: 1

Cisco
added 2017/08/16 4:00 p.m. | 32 views

Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...

CVSS 4.9 | AI score 6.3 | EPSS 0.01203
Exploits: 0 | References: 1

Cisco
added 2017/08/02 4:00 p.m. | 32 views

Cisco Finesse Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS 6.1 | AI score 6 | EPSS 0.01234
Exploits: 0 | References: 1

Cisco
added 2017/08/02 4:00 p.m. | 32 views

Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted...

CVSS 8.6 | AI score 7.6 | EPSS 0.01738
Exploits: 0 | References: 1

Cisco
added 2017/07/26 4:00 p.m. | 32 views

Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system. T...

CVSS 7.4 | AI score 6.4 | EPSS 0.0043
Exploits: 0 | References: 1

Cisco
added 2017/05/17 4:00 p.m. | 32 views

Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulatin...

CVSS 5.8 | AI score 5.3 | EPSS 0.02373
Exploits: 0 | References: 1

Cisco
added 2017/04/19 4:00 p.m. | 32 views

Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an...

CVSS 6.3 | AI score 6.4 | EPSS 0.01683
Exploits: 0 | References: 1

Cisco
added 2017/02/15 4:00 p.m. | 32 views

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...

CVSS 4.7 | AI score 6 | EPSS 0.01543
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:00 p.m. | 32 views

Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...

CVSS 4.3 | AI score 7.6 | EPSS 0.02786
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:00 p.m. | 32 views

Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. The vulnerability is due to a logic flaw in a corner case scenario. An...

CVSS 5 | AI score 7.6 | EPSS 0.02547
Exploits: 0 | References: 1

Cisco
added 2016/10/26 4:00 p.m. | 32 views

Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability

A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the...

CVSS 5 | AI score 7.7 | EPSS 0.01634
Exploits: 0 | References: 1

Cisco
added 2016/10/26 12:00 p.m. | 32 views

Cisco Identity Services Engine SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit...

CVSS 4.9 | AI score 7.6 | EPSS 0.01102
Exploits: 0 | References: 1

Cisco
added 2016/09/28 4:00 p.m. | 32 views

Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list...

CVSS 7.8 | AI score 7.8 | EPSS 0.03283
Exploits: 0 | References: 1

Cisco
added 2016/09/14 4:00 p.m. | 32 views

Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.3 | AI score 6.2 | EPSS 0.01009
Exploits: 0 | References: 1

Cisco
added 2016/09/07 4:00 p.m. | 32 views

Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability

A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the...

CVSS 5.8 | AI score 9.2 | EPSS 0.01448
Exploits: 0 | References: 1

Cisco
added 2016/09/02 12:30 p.m. | 32 views

Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability

A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously used. The vulnerability is due to the use of a previously used packet...

CVSS 5 | AI score 5.5 | EPSS 0.01262
Exploits: 0 | References: 1

Cisco
added 2016/08/04 4:00 p.m. | 32 views

Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks ...

CVSS 7.8 | AI score 7.4 | EPSS 0.01939
Exploits: 0 | References: 1

Cisco
added 2016/05/27 8:00 a.m. | 32 views

Cisco Firepower Management Center Web Interface Code Injection Vulnerability

A vulnerability in the web interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to modify a page in the web interface. The vulnerability is due to improper sanitization of some parameter values. An attacker could exploit this vulnerability by injecting...

CVSS 4 | AI score 6.5 | EPSS 0.00894
Exploits: 0 | References: 1

Cisco
added 2016/05/04 4:00 p.m. | 32 views

Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability

A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of...

CVSS 7.8 | AI score 7.5 | EPSS 0.01931
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000