Cisco | Most viewed

5226 matches found

Cisco
added 2018/10/03 4:0 p.m. | 31 views

Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a...

CVSS 8.1 | AI score 1.3 | EPSS 0.01099
Exploits: 0 | References: 1

Cisco
added 2018/07/18 4:0 p.m. | 31 views

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVSS 7.8 | AI score 2.7 | EPSS 0.00471
Exploits: 0 | References: 1

Cisco
added 2018/07/18 4:0 p.m. | 31 views

Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the...

CVSS 9.8 | AI score 1.3 | EPSS 0.02725
Exploits: 0 | References: 1

Cisco
added 2018/06/06 4:0 p.m. | 31 views

Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

CVSS 5.1 | AI score 1.1 | EPSS 0.00413
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:0 p.m. | 31 views

Cisco Meeting Server Media Services Denial of Service Vulnerability

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...

CVSS 7.5 | AI score 2.1 | EPSS 0.03381
Exploits: 0 | References: 1

Cisco
added 2018/05/02 4:0 p.m. | 31 views

Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect...

CVSS 5.8 | AI score 1.8 | EPSS 0.01454
Exploits: 0 | References: 1

Cisco
added 2018/03/28 4:0 p.m. | 31 views

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

CVSS 6.7 | AI score 3.7 | EPSS 0.00424
Exploits: 0 | References: 1

Cisco
added 2018/01/17 4:0 p.m. | 31 views

Cisco Elastic Services Controller Information Disclosure Vulnerability

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by...

CVSS 4 | AI score 0.9 | EPSS 0.00296
Exploits: 0 | References: 1

Cisco
added 2017/11/15 4:0 p.m. | 31 views

Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due ...

CVSS 5.8 | AI score 7.6 | EPSS 0.01589
Exploits: 0 | References: 1

Cisco
added 2017/08/16 4:0 p.m. | 31 views

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the devic...

CVSS 6.8 | AI score 6.7 | EPSS 0.02032
Exploits: 0 | References: 1

Cisco
added 2017/08/16 4:0 p.m. | 31 views

Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...

CVSS 4.3 | AI score 4.4 | EPSS 0.01339
Exploits: 0 | References: 1

Cisco
added 2017/07/19 4:0 p.m. | 31 views

Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.4 | AI score 5.5 | EPSS 0.01228
Exploits: 0 | References: 1

Cisco
added 2017/07/05 4:0 p.m. | 31 views

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...

CVSS 8.8 | AI score 8.8 | EPSS 0.02046
Exploits: 0 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...

CVSS 6.1 | AI score 6.3 | EPSS 0.01154
Exploits: 0 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00938
Exploits: 2 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

CVSS 6.1 | AI score 6.2 | EPSS 0.0128
Exploits: 0 | References: 1

Cisco
added 2017/05/17 4:0 p.m. | 31 views

Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...

CVSS 4.4 | AI score 7.7 | EPSS 0.00886
Exploits: 0 | References: 1

Cisco
added 2017/05/10 4:0 p.m. | 31 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...

CVSS 7.5 | AI score 7.7 | EPSS 0.02021
Exploits: 0 | References: 1

Cisco
added 2017/05/03 4:0 p.m. | 31 views

Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability

A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy...

CVSS 5.4 | AI score 6.9 | EPSS 0.01825
Exploits: 0 | References: 1

Cisco
added 2017/04/05 4:0 p.m. | 31 views

Cisco IOS XE Software Startup Script Local Command Execution Vulnerability

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient validati...

CVSS 6.4 | AI score 6.9 | EPSS 0.00503
Exploits: 0 | References: 1

Cisco
added 2017/03/15 4:0 p.m. | 31 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call...

CVSS 6.1 | AI score 6 | EPSS 0.0132
Exploits: 0 | References: 1

Cisco
added 2017/03/15 4:0 p.m. | 31 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...

CVSS 6.5 | AI score 6.7 | EPSS 0.00769
Exploits: 0 | References: 1

Cisco
added 2017/02/15 4:0 p.m. | 31 views

Cisco Meeting Server API Denial of Service Vulnerability

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this...

CVSS 6.5 | AI score 7.5 | EPSS 0.02585
Exploits: 0 | References: 1

Cisco
added 2016/10/05 4:0 p.m. | 31 views

Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper handling of crafted IKEv2 packets. The vulnerability applies only to IKEv2 devic...

CVSS 6.3 | AI score 6.7 | EPSS 0.01221
Exploits: 0 | References: 1

Cisco
added 2016/09/28 4:0 p.m. | 31 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...

CVSS 7.1 | AI score 7.8 | EPSS 0.03213
Exploits: 0 | References: 1

Cisco
added 2016/08/31 4:0 p.m. | 31 views

Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability

A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the wIPS process on the WLC unexpectedly restarts. The...

CVSS 6.1 | AI score 6.4 | EPSS 0.00927
Exploits: 0 | References: 1

Cisco
added 2016/08/31 4:0 p.m. | 31 views

Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability

A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...

CVSS 6.8 | AI score 8.3 | EPSS 0.01269
Exploits: 0 | References: 1

Cisco
added 2016/08/10 4:0 p.m. | 31 views

Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plan...

CVSS 7.8 | AI score 7.5 | EPSS 0.02868
Exploits: 0 | References: 1

Cisco
added 2016/07/14 5:0 p.m. | 31 views

Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this...

CVSS 4 | AI score 8.7 | EPSS 0.01786
Exploits: 0 | References: 1

Cisco
added 2016/06/20 2:30 p.m. | 31 views

Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability

A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...

CVSS 6 | AI score 7 | EPSS 0.00272
Exploits: 0 | References: 1

Cisco
added 2016/06/15 4:0 p.m. | 31 views

Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...

CVSS 6.8 | AI score 6.8 | EPSS 0.0165
Exploits: 0 | References: 1

Cisco
added 2016/05/19 7:53 p.m. | 31 views

Cisco IOS XR Software LPTS Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability is due to improper handling of flow base entries by LPTS...

CVSS 5 | AI score 7.5 | EPSS 0.01765
Exploits: 0 | References: 1

Cisco
added 2016/05/17 9:46 p.m. | 31 views

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits: 0 | References: 1

Cisco
added 2016/04/28 3:0 p.m. | 31 views

Cisco Information Server XML Parser Denial of Service Vulnerability

A vulnerability in the default configuration of the XML parser component of Cisco Information Server (CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service (DoS) condition on a targeted...

CVSS 6.4 | AI score 9.5 | EPSS 0.01574
Exploits: 0 | References: 1

Cisco
added 2016/04/12 6:53 p.m. | 31 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits: 0 | References: 1

Cisco
added 2016/04/06 4:0 p.m. | 31 views

Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.24.18 could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A...

CVSS 7.1 | AI score 5.7 | EPSS 0.01592
Exploits: 0 | References: 1

Cisco
added 2016/04/06 4:0 p.m. | 31 views

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could explo...

CVSS 7.8 | AI score 7.6 | EPSS 0.01931
Exploits: 0 | References: 1

Cisco
added 2016/03/28 7:0 p.m. | 31 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...

CVSS 4 | AI score 6 | EPSS 0.00792
Exploits: 0 | References: 1

Cisco
added 2016/02/01 10:0 a.m. | 31 views

Cisco Fog Director Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...

CVSS 4.3 | AI score 6.1 | EPSS 0.00773
Exploits: 0 | References: 1

Cisco
added 2016/01/27 5:21 p.m. | 31 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection (UC) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by...

CVSS 4.3 | AI score 6 | EPSS 0.00773
Exploits: 0 | References: 1

Cisco
added 2016/01/15 8:38 p.m. | 31 views

Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting (XSS) vulnerability in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform an XSS attack. The vulnerability is due to mishandling ...

CVSS 4.3 | AI score 6 | EPSS 0.01122
Exploits: 0 | References: 1

Cisco
added 2016/01/11 12:0 a.m. | 31 views

Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability

A vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC...

CVSS 4.3 | AI score 4.7 | EPSS 0.01169
Exploits: 0 | References: 1

Cisco
added 2015/12/10 7:30 a.m. | 31 views

Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder (CER) could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability b...

CVSS 4 | AI score 6.7 | EPSS 0.0162
Exploits: 0 | References: 1

Cisco
added 2015/11/16 12:0 a.m. | 31 views

Cisco Firepower 9000 Unauthenticated File Access Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switches could allow an unauthenticated, remote attacker to view certain files on the device that should be restricted. The vulnerability is due to lack of proper authentication checks when a request to download and view a...

CVSS 5 | AI score 6.7 | EPSS 0.01217
Exploits: 0 | References: 1

Cisco
added 2015/11/11 10:30 a.m. | 31 views

Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored, cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...

CVSS 4 | AI score 5.8 | EPSS 0.01075
Exploits: 0 | References: 1

Cisco
added 2015/11/04 4:0 p.m. | 31 views

Cisco Mobility Services Engine Privilege Escalation Vulnerability

A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or...

CVSS 6.8 | AI score 6.5 | EPSS 0.0039
Exploits: 0 | References: 1

Cisco
added 2015/10/26 12:0 a.m. | 31 views

Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...

CVSS 4.3 | AI score 5.7 | EPSS 0.0136
Exploits: 0 | References: 1

Cisco
added 2015/09/30 7:4 p.m. | 31 views

Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device. The vulnerability is due to improper handling of...

CVSS 4 | AI score 6.1 | EPSS 0.0159
Exploits: 0 | References: 1

Cisco
added 2015/08/21 8:28 p.m. | 31 views

Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability

A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...

CVSS 5 | AI score 6.2 | EPSS 0.01965
Exploits: 0 | References: 1

Cisco
added 2015/08/13 9:16 p.m. | 31 views

Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...

CVSS 4 | AI score 6.6 | EPSS 0.02456
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000