Cisco | Most viewed

5226 matches found

Cisco
added 2017/07/05 4:0 p.m. | 31 views

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...

CVSS 8.8 | AI score 8.8 | EPSS 0.02046
Exploits 0 | References 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...

CVSS 6.1 | AI score 6.3 | EPSS 0.01154
Exploits 0 | References 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

CVSS 6.1 | AI score 6.2 | EPSS 0.0128
Exploits 0 | References 1

Cisco
added 2017/06/21 4:0 p.m. | 31 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00938
Exploits 2 | References 1

Cisco
added 2017/06/07 4:0 p.m. | 31 views

Cisco Ultra Services Platform Information Disclosure Vulnerability

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00307
Exploits 0 | References 1

Cisco
added 2017/05/17 4:0 p.m. | 31 views

Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...

CVSS 4.4 | AI score 7.7 | EPSS 0.00886
Exploits 0 | References 1

Cisco
added 2017/05/17 4:0 p.m. | 31 views

Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...

CVSS 6.5 | AI score 6.4 | EPSS 0.07844
Exploits 0 | References 1

Cisco
added 2017/05/17 4:0 p.m. | 31 views

Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails ...

CVSS 6.5 | AI score 6.4 | EPSS 0.05883
Exploits 0 | References 1

Cisco
added 2017/05/10 4:0 p.m. | 31 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...

CVSS 7.5 | AI score 7.7 | EPSS 0.02021
Exploits 0 | References 1

Cisco
added 2017/05/03 4:0 p.m. | 31 views

Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability

A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy...

CVSS 5.4 | AI score 6.9 | EPSS 0.01825
Exploits 0 | References 1

Cisco
added 2017/04/05 4:0 p.m. | 31 views

Cisco IOS XE Software Startup Script Local Command Execution Vulnerability

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient validati...

CVSS 6.4 | AI score 6.9 | EPSS 0.00503
Exploits 0 | References 1

Cisco
added 2017/04/05 4:0 p.m. | 31 views

Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The...

CVSS 4.3 | AI score 6.5 | EPSS 0.00662
Exploits 0 | References 1

Cisco
added 2017/03/15 4:0 p.m. | 31 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call...

CVSS 6.1 | AI score 6 | EPSS 0.0132
Exploits 0 | References 1

Cisco
added 2017/03/15 4:0 p.m. | 31 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...

CVSS 6.5 | AI score 6.7 | EPSS 0.00769
Exploits 0 | References 1

Cisco
added 2017/02/15 4:0 p.m. | 31 views

Cisco Meeting Server API Denial of Service Vulnerability

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this...

CVSS 6.5 | AI score 7.5 | EPSS 0.02585
Exploits 0 | References 1

Cisco
added 2016/10/05 4:0 p.m. | 31 views

Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper handling of crafted IKEv2 packets. The vulnerability applies only to IKEv2 devic...

CVSS 6.3 | AI score 6.7 | EPSS 0.01221
Exploits 0 | References 1

Cisco
added 2016/09/28 4:0 p.m. | 31 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...

CVSS 7.1 | AI score 7.8 | EPSS 0.03213
Exploits 0 | References 1

Cisco
added 2016/08/31 4:0 p.m. | 31 views

Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability

A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the wIPS process on the WLC unexpectedly restarts. The...

CVSS 6.1 | AI score 6.4 | EPSS 0.00927
Exploits 0 | References 1

Cisco
added 2016/08/10 4:0 p.m. | 31 views

Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plan...

CVSS 7.8 | AI score 7.5 | EPSS 0.02868
Exploits 0 | References 1

Cisco
added 2016/07/14 5:0 p.m. | 31 views

Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...

CVSS 4.3 | AI score 5.9 | EPSS 0.01417
Exploits 0 | References 1

Cisco
added 2016/06/20 2:30 p.m. | 31 views

Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability

A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...

CVSS 6 | AI score 7 | EPSS 0.00272
Exploits 0 | References 1

Cisco
added 2016/06/15 4:0 p.m. | 31 views

Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...

CVSS 6.8 | AI score 6.8 | EPSS 0.0165
Exploits 0 | References 1

Cisco
added 2016/05/19 7:53 p.m. | 31 views

Cisco IOS XR Software LPTS Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability is due to improper handling of flow base entries by LPTS...

CVSS 5 | AI score 7.5 | EPSS 0.01765
Exploits 0 | References 1

Cisco
added 2016/05/17 9:46 p.m. | 31 views

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits 0 | References 1

Cisco
added 2016/04/06 4:0 p.m. | 31 views

Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.24.18 could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A...

CVSS 7.1 | AI score 5.7 | EPSS 0.01592
Exploits 0 | References 1

Cisco
added 2016/04/06 4:0 p.m. | 31 views

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could explo...

CVSS 7.8 | AI score 7.6 | EPSS 0.01931
Exploits 0 | References 1

Cisco
added 2016/03/28 7:0 p.m. | 31 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...

CVSS 4 | AI score 6 | EPSS 0.00792
Exploits 0 | References 1

Cisco
added 2016/02/01 10:0 a.m. | 31 views

Cisco Fog Director Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...

CVSS 4.3 | AI score 6.1 | EPSS 0.00773
Exploits 0 | References 1

Cisco
added 2016/01/15 8:38 p.m. | 31 views

Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting vulnerability (XSS) in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform an XSS attack. The vulnerability is due to mishandling ...

CVSS 4.3 | AI score 6 | EPSS 0.01122
Exploits 0 | References 1

Cisco
added 2016/01/11 12:0 a.m. | 31 views

Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability

A vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC...

CVSS 4.3 | AI score 4.7 | EPSS 0.01169
Exploits 0 | References 1

Cisco
added 2016/01/04 1:30 p.m. | 31 views

Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability

A vulnerability in Open Shortest Path First (OSPF) Link State Advertisement (LSA) handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the number of OSPF Path Computation Elements (PCEs) that are...

CVSS 5 | AI score 7.5 | EPSS 0.01765
Exploits 0 | References 1

Cisco
added 2015/12/10 7:30 a.m. | 31 views

Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder (CER) could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability b...

CVSS 4 | AI score 6.7 | EPSS 0.0162
Exploits 0 | References 1

Cisco
added 2015/11/04 4:0 p.m. | 31 views

Cisco Mobility Services Engine Privilege Escalation Vulnerability

A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or...

CVSS 6.8 | AI score 6.5 | EPSS 0.0039
Exploits 0 | References 1

Cisco
added 2015/11/04 4:0 p.m. | 31 views

Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validati...

CVSS 7.8 | AI score 6.7 | EPSS 0.01925
Exploits 0 | References 1

Cisco
added 2015/10/26 12:0 a.m. | 31 views

Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...

CVSS 4.3 | AI score 5.7 | EPSS 0.0136
Exploits 0 | References 1

Cisco
added 2015/09/30 7:4 p.m. | 31 views

Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device. The vulnerability is due to improper handling of...

CVSS 4 | AI score 6.1 | EPSS 0.0159
Exploits 0 | References 1

Cisco
added 2015/08/21 8:28 p.m. | 31 views

Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability

A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...

CVSS 5 | AI score 6.2 | EPSS 0.01965
Exploits 0 | References 1

Cisco
added 2015/08/13 9:16 p.m. | 31 views

Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...

CVSS 4 | AI score 6.6 | EPSS 0.02456
Exploits 0 | References 1

Cisco
added 2015/07/28 10:5 p.m. | 31 views

Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafti...

CVSS 4.6 | AI score 5.9 | EPSS 0.00292
Exploits 0 | References 1

Cisco
added 2015/07/27 10:22 p.m. | 31 views

Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability

A vulnerability in the web management interface of multiple Cisco products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 5.7 | EPSS 0.01786
Exploits 0 | References 1

Cisco
added 2015/07/15 9:24 p.m. | 31 views

Cisco WebEx Meetings Server Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted data in a...

CVSS 4.9 | AI score 7.2 | EPSS 0.02547
Exploits 0 | References 1

Cisco
added 2015/07/13 10:18 p.m. | 31 views

Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager, formerly known as CallManager, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerabilit...

CVSS 4.3 | AI score 5.7 | EPSS 0.01546
Exploits 0 | References 1

Cisco
added 2015/07/01 8:10 p.m. | 31 views

Cisco Adaptive Security Appliance SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of SNMP packets. An attacker could exploit th...

CVSS 6.8 | AI score 6.3 | EPSS 0.0174
Exploits 0 | References 1

Cisco
added 2015/06/29 5:26 p.m. | 31 views

Cisco Headend System Releases Denial of Service Vulnerability

A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 6.9 | EPSS 0.03427
Exploits 0 | References 1

Cisco
added 2015/06/23 5:53 p.m. | 31 views

Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to a lack of checks...

CVSS 6.8 | AI score 6.5 | EPSS 0.00414
Exploits 2 | References 1

Cisco
added 2015/06/22 9:41 p.m. | 31 views

Cisco WebEx Meetings Meeting Access Number Vulnerability

A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to discover the meeting access number. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by accessing the web page containing meeting...

CVSS 4.3 | AI score 6.2 | EPSS 0.02709
Exploits 0 | References 1

Cisco
added 2015/06/05 12:35 a.m. | 31 views

Cisco Edge 340 Privilege Escalation Vulnerability

A vulnerability in the system configuration of Cisco Edge 340 could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by logging in to the...

CVSS 6.8 | AI score 6.7 | EPSS 0.00387
Exploits 0 | References 1

Cisco
added 2015/06/03 8:21 p.m. | 31 views

Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities

Multiple vulnerabilities in the administrative web interface of the Cisco FireSIGHT Management Center could allow an attacker to conduct both cross-site scripting (XSS) and also arbitrary HTML command injection attacks. These vulnerabilities are due to improper user input validation. An attacker...

CVSS 4.3 | AI score 6.4 | EPSS 0.01546
Exploits 0 | References 1

Cisco
added 2015/05/18 6:29 p.m. | 31 views

Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability

A vulnerability in Lights-Out Management (LOM) functionality of the Sourcefire 3D System could allow an authenticated, remote attacker to upload arbitrary files to the baseboard management controller (BMC) on an affected device. The vulnerability is due to insufficient validation and sanitization of...

CVSS 4 | AI score 6.8 | EPSS 0.02009
Exploits 0 | References 1

Cisco
added 2015/05/14 3:44 p.m. | 31 views

Cisco IOS Voice Gateway Malformed ISDN Q931 Message Denial of Service Vulnerability

A vulnerability in the Integrated Services Digital Network (ISDN) processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed ISDN Q931 SETUP messages. An attacker could exploit...

CVSS 6.1 | AI score 6.4 | EPSS 0.00625
Exploits 0 | References 1

Total number of security vulnerabilities: 5000