Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
added 2023/03/01 4:0 p.m.35 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This...

5.4CVSS5.1AI score0.0045EPSS
Exploits0References1
Cisco
Cisco
added 2022/11/09 4:0 p.m.35 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN Authorization Bypass Vulnerability

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...

5.8CVSS5.8AI score0.00683EPSS
Exploits0References1
Cisco
Cisco
added 2022/10/05 4:0 p.m.35 views

Cisco Touch 10 Devices Downgrade Vulnerability

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

6.5CVSS6.7AI score0.00266EPSS
Exploits0References1
Cisco
Cisco
added 2022/09/28 4:0 p.m.35 views

Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of...

8.6CVSS8AI score0.00852EPSS
Exploits0References1
Cisco
Cisco
added 2022/08/03 4:0 p.m.35 views

Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management...

6.1CVSS6.3AI score0.00536EPSS
Exploits0References1
Cisco
Cisco
added 2022/05/04 4:0 p.m.35 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in the web engine of Cisco Telepresence CE Software and RoomOS Software could allow a remote attacker to cause a denial of service DoS condition, redirect users to an attacker controlled destination or view sensitive data on an affected device. For more information about...

6.5CVSS6.2AI score
Exploits0References1
Cisco
Cisco
added 2022/05/04 4:0 p.m.35 views

ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...

6.5CVSS6.2AI score0.00391EPSS
Exploits0References1
Cisco
Cisco
added 2022/04/13 4:0 p.m.35 views

Cisco SD-WAN vManage Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this...

7.3CVSS7.5AI score0.00581EPSS
Exploits0References1
Cisco
Cisco
added 2022/01/19 4:0 p.m.35 views

ConfD CLI Command Injection Vulnerability

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS2.4AI score0.00832EPSS
Exploits0References1
Cisco
Cisco
added 2021/11/17 4:0 p.m.35 views

Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability

A vulnerability in the web application of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit...

4.9CVSS5AI score0.01065EPSS
Exploits0References1
Cisco
Cisco
added 2021/11/03 4:0 p.m.35 views

Cisco Small Business RV Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This...

6.5CVSS6.9AI score0.01935EPSS
Exploits0References1
Cisco
Cisco
added 2021/07/07 4:0 p.m.35 views

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

6.3CVSS8AI score0.01879EPSS
Exploits0References1
Cisco
Cisco
added 2020/09/24 4:0 p.m.35 views

Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient input validation when the ISDN...

7.4CVSS7.3AI score0.00433EPSS
Exploits0References1
Cisco
Cisco
added 2020/09/02 4:0 p.m.35 views

Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

5.3CVSS1.5AI score0.01074EPSS
Exploits0References1
Cisco
Cisco
added 2020/08/26 4:0 p.m.35 views

Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attack...

7.8CVSS7.8AI score0.00324EPSS
Exploits0References1
Cisco
Cisco
added 2020/07/15 4:0 p.m.35 views

Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied...

9.8CVSS2.4AI score0.43626EPSS
Exploits0References1
Cisco
Cisco
added 2020/07/15 4:0 p.m.35 views

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

7.4CVSS6.6AI score0.00527EPSS
Exploits0References1
Cisco
Cisco
added 2020/06/17 4:0 p.m.35 views

Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability

A vulnerability in the Enhanced Charging Service ECS functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of...

5.3CVSS1.8AI score0.01011EPSS
Exploits0References1
Cisco
Cisco
added 2020/06/17 4:0 p.m.35 views

Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by...

8.8CVSS1.2AI score0.03797EPSS
Exploits0References1
Cisco
Cisco
added 2020/06/03 4:0 p.m.35 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot...

6.7CVSS5.2AI score0.00407EPSS
Exploits0References1
Cisco
Cisco
added 2020/06/03 4:0 p.m.35 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance OVA. An attacker could exploit...

6.7CVSS3.2AI score0.00339EPSS
Exploits0References1
Cisco
Cisco
added 2020/03/04 4:0 p.m.35 views

Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable...

7.4CVSS7.3AI score0.00874EPSS
Exploits0References1
Cisco
Cisco
added 2020/02/19 4:0 p.m.35 views

Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol XMPP feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition for users of XMPP conferencing applications. Other applications and processes are unaffected...

5.3CVSS2AI score0.01244EPSS
Exploits0References1
Cisco
Cisco
added 2020/02/19 4:0 p.m.35 views

Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...

7.5CVSS1.4AI score0.01863EPSS
Exploits0References1
Cisco
Cisco
added 2020/02/05 4:0 p.m.35 views

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...

8.8CVSS2.7AI score0.05098EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.35 views

Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of arguments passed to...

6.7CVSS6.9AI score0.00543EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/15 4:0 p.m.35 views

Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could...

7.5CVSS1.8AI score0.10053EPSS
Exploits0References1
Cisco
Cisco
added 2019/05/01 4:0 p.m.35 views

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into argument...

6.7CVSS7.2AI score0.00663EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.35 views

Cisco Unity Connection Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...

4.8CVSS1.6AI score0.00862EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.35 views

Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.7CVSS1AI score0.00922EPSS
Exploits0References1
Cisco
Cisco
added 2018/10/03 4:0 p.m.35 views

Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

5.3CVSS1.2AI score0.01116EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/18 4:0 p.m.35 views

Cisco SD-WAN Solution CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to t...

7.2CVSS2.7AI score0.02895EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/18 4:0 p.m.35 views

Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete bounds chec...

6.7CVSS3.7AI score0.00452EPSS
Exploits0References1
Cisco
Cisco
added 2018/07/18 4:0 p.m.35 views

Cisco Policy Suite World-Readable Sensitive Data Vulnerability

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions. An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow t...

5.5CVSS1AI score0.00291EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.35 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Cisco Meeting Server CMS could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports o...

7.4CVSS1.8AI score0.00739EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.35 views

Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability

A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to...

6.7CVSS1.5AI score0.00392EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.35 views

Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

6.1CVSS6.1AI score0.01818EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.35 views

Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point APs on Qualcomm Atheros QCA based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. A successful explo...

4.7CVSS1.6AI score0.00603EPSS
Exploits0References1
Cisco
Cisco
added 2018/02/07 4:0 p.m.35 views

Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information...

5.9CVSS2.3AI score0.77755EPSS
Exploits1References1
Cisco
Cisco
added 2018/01/17 4:0 p.m.35 views

Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by...

5.3CVSS1.9AI score0.00831EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Multiple Vulnerabilities in Cisco UCS Central Software

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. For more information...

5.4CVSS5.4AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format ARF and WebEx Recording Format WRF files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to...

9.6CVSS9.7AI score0.0298EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Cisco Prime Service Catalog SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...

6.5CVSS6.7AI score0.01301EPSS
Exploits0References1
Cisco
Cisco
added 2017/10/18 4:0 p.m.35 views

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
Cisco
Cisco
added 2017/10/18 4:0 p.m.35 views

Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

4.2CVSS6.8AI score0.00447EPSS
Exploits0References1
Cisco
Cisco
added 2017/09/06 4:0 p.m.35 views

Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker coul...

6.5CVSS6.5AI score0.01921EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.35 views

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP on the Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the devic...

6.8CVSS6.7AI score0.02032EPSS
Exploits0References1
Cisco
Cisco
added 2017/08/16 4:0 p.m.35 views

Cisco Policy Suite Privilege Escalation Vulnerability

A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References1
Cisco
Cisco
added 2017/06/21 4:0 p.m.35 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability

A vulnerability in the web-based user interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker mu...

8.8CVSS8AI score0.02359EPSS
Exploits2References1
Cisco
Cisco
added 2017/06/21 4:0 p.m.35 views

Cisco Wide Area Application Services TCP Fragment Denial of Service Vulnerability

A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service DoS condition. The vulnerability is due to incomplete...

5.8CVSS5.5AI score0.02197EPSS
Exploits0References1
Total number of security vulnerabilities5000