
5224 matches found

Cisco
added 2023/09/13 4:0 p.m., 30 views

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

6.7 CVSS, 6.8 AI score, 0.00095 EPSS
Exploits: 0, References: 1

Cisco
added 2023/08/02 4:0 p.m., 30 views

Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...

5.4 CVSS, 5.3 AI score, 0.00358 EPSS
Exploits: 0, References: 1

Cisco
added 2023/07/19 4:0 p.m., 30 views

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

4.4 CVSS, 7.8 AI score, 0.00148 EPSS
Exploits: 0, References: 1

Cisco
added 2023/06/07 4:0 p.m., 30 views

Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

4.3 CVSS, 6.6 AI score, 0.00517 EPSS
Exploits: 0, References: 1

Cisco
added 2023/05/17 4:0 p.m., 30 views

Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validat...

6.5 CVSS, 6.7 AI score, 0.01152 EPSS
Exploits: 1, References: 1

Cisco
added 2023/02/01 4:0 p.m., 30 views

Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the...

6 CVSS, 6.1 AI score, 0.0075 EPSS
Exploits: 0, References: 1

Cisco
added 2022/11/09 4:0 p.m., 30 views

Cisco Firepower Management Center Software Command Injection Vulnerabilities

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. These vulnerabilities are due to insufficient validation of user-supplied...

6.3 CVSS, 7.7 AI score
Exploits: 0, References: 1

Cisco
added 2022/11/09 4:0 p.m., 30 views

Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure bo...

6.4 CVSS, 6.7 AI score, 0.00323 EPSS
Exploits: 0, References: 1

Cisco
added 2022/11/02 4:0 p.m., 30 views

Cisco Email Security Appliance and Cisco Secure Email and Web Manager HTTP Response Header Injection Vulnerability

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input...

4.7 CVSS, 5 AI score, 0.00546 EPSS
Exploits: 0, References: 1

Cisco
added 2022/09/14 4:0 p.m., 30 views

Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery...

4.3 CVSS, 5.3 AI score, 0.00958 EPSS
Exploits: 0, References: 1

Cisco
added 2022/07/06 4:0 p.m., 30 views

Cisco Unified Communications Products Timing Attack Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

5.3 CVSS, 5.2 AI score, 0.00871 EPSS
Exploits: 0, References: 1

Cisco
added 2022/05/04 4:0 p.m., 30 views

ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow a...

7.5 CVSS, 7.6 AI score, 0.05477 EPSS
Exploits: 0, References: 1

Cisco
added 2022/04/27 4:0 p.m., 30 views

Cisco Firepower Management Center File Upload Security Bypass Vulnerability

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to t...

6.5 CVSS, 7.8 AI score, 0.03902 EPSS
Exploits: 0, References: 1

Cisco
added 2022/04/27 4:0 p.m., 30 views

Cisco Firepower Management Center Software Information Disclosure Vulnerability

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...

4.3 CVSS, 5.3 AI score, 0.00882 EPSS
Exploits: 0, References: 1

Cisco
added 2022/01/12 4:0 p.m., 30 views

Cisco IP Phones Information Disclosure Vulnerability

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device...

4.6 CVSS, 4.4 AI score, 0.00351 EPSS
Exploits: 3, References: 1

Cisco
added 2021/11/03 4:0 p.m., 30 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an...

5.4 CVSS, 5.2 AI score, 0.0058 EPSS
Exploits: 0, References: 1

Cisco
added 2021/09/22 4:0 p.m., 30 views

Cisco SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain C...

6.7 CVSS, 6.7 AI score, 0.00354 EPSS
Exploits: 0, References: 1

Cisco
added 2021/09/08 4:0 p.m., 30 views

Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this...

5.5 CVSS, 5.3 AI score, 0.0025 EPSS
Exploits: 0, References: 1

Cisco
added 2020/11/04 4:0 p.m., 30 views

Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...

8.1 CVSS, 1.2 AI score, 0.02767 EPSS
Exploits: 0, References: 1

Cisco
added 2020/10/21 4:0 p.m., 30 views

Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...

5.8 CVSS, 6.7 AI score, 0.02279 EPSS
Exploits: 0, References: 1

Cisco
added 2020/10/21 4:0 p.m., 30 views

Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Policies on an affected system. The vulnerability exists because TCP...

5.8 CVSS, 5.6 AI score, 0.00927 EPSS
Exploits: 0, References: 1

Cisco
added 2020/09/24 4:0 p.m., 30 views

Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload,...

7.4 CVSS, 7.4 AI score, 0.00429 EPSS
Exploits: 0, References: 1

Cisco
added 2020/09/24 4:0 p.m., 30 views

Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The...

6.1 CVSS, 1.9 AI score, 0.01097 EPSS
Exploits: 0, References: 1

Cisco
added 2020/08/26 4:0 p.m., 30 views

Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The...

8.6 CVSS, 8.3 AI score, 0.01825 EPSS
Exploits: 0, References: 1

Cisco
added 2020/07/29 4:0 p.m., 30 views

Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

8.2 CVSS, 2.1 AI score, 0.0079 EPSS
Exploits: 0, References: 1

Cisco
added 2020/07/29 4:0 p.m., 30 views

Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

6.3 CVSS, 2.1 AI score, 0.01019 EPSS
Exploits: 0, References: 1

Cisco
added 2020/07/15 4:0 p.m., 30 views

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in URL filtering for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted,...

4 CVSS, 1.2 AI score, 0.01282 EPSS
Exploits: 0, References: 1

Cisco
added 2020/07/15 4:0 p.m., 30 views

Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient...

4.8 CVSS, 1.5 AI score
Exploits: 0, References: 1

Cisco
added 2020/06/17 4:0 p.m., 30 views

Cisco Umbrella Open Redirect Vulnerability

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could...

4.7 CVSS, 1 AI score, 0.00815 EPSS
Exploits: 0, References: 1

Cisco
added 2020/06/17 4:0 p.m., 30 views

Cisco Webex Meetings Desktop App and Webex Meetings Client URL Filtering Arbitrary Program Execution Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App and Cisco Webex Meetings Client could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could...

7.5 CVSS, 1.8 AI score, 0.04117 EPSS
Exploits: 0, References: 1

Cisco
added 2020/06/17 4:0 p.m., 30 views

Cisco Smart Software Manager On-Prem Improper Access Control Vulnerability

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this...

5.3 CVSS, 1.6 AI score, 0.01207 EPSS
Exploits: 0, References: 1

Cisco
added 2020/06/03 4:0 p.m., 30 views

Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...

5.3 CVSS, 2.4 AI score, 0.0104 EPSS
Exploits: 0, References: 1

Cisco
added 2020/06/03 4:0 p.m., 30 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious...

6.7 CVSS, 2.7 AI score, 0.00339 EPSS
Exploits: 0, References: 1

Cisco
added 2020/06/03 4:0 p.m., 30 views

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...

6.7 CVSS, 3.1 AI score, 0.00322 EPSS
Exploits: 0, References: 1

Cisco
added 2020/04/15 4:0 p.m., 30 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording...

7.8 CVSS, 1.9 AI score, 0.01907 EPSS
Exploits: 0, References: 1

Cisco
added 2020/02/19 4:0 p.m., 30 views

Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing...

6.8 CVSS, 1.8 AI score, 0.01471 EPSS
Exploits: 0, References: 1

Cisco
added 2020/02/19 4:0 p.m., 30 views

Cisco Unified Contact Center Express Privilege Escalation Vulnerability

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

7.2 CVSS, 2.9 AI score, 0.03415 EPSS
Exploits: 0, References: 1

Cisco
added 2020/01/29 4:0 p.m., 30 views

Cisco Small Business Switches Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could...

7.5 CVSS, 0.8 AI score, 0.1027 EPSS
Exploits: 3, References: 1

Cisco
added 2020/01/08 4:0 p.m., 30 views

Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

6.1 CVSS, 6 AI score, 0.00801 EPSS
Exploits: 0, References: 1

Cisco
added 2018/09/05 4:0 p.m., 30 views

Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for t...

4.6 CVSS, 2.3 AI score, 0.00707 EPSS
Exploits: 0, References: 1

Cisco
added 2018/06/20 4:0 p.m., 30 views

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of...

7.5 CVSS, 2.9 AI score, 0.01149 EPSS
Exploits: 0, References: 1

Cisco
added 2018/05/16 4:0 p.m., 30 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

6.1 CVSS, 6 AI score, 0.01783 EPSS
Exploits: 0, References: 1

Cisco
added 2018/05/02 4:0 p.m., 30 views

Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

6.5 CVSS, 0.9 AI score, 0.02355 EPSS
Exploits: 0, References: 1

Cisco
added 2018/03/28 4:0 p.m., 30 views

Cisco IOS XE Software Arbitrary File Write Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

4.9 CVSS, 1.9 AI score, 0.01029 EPSS
Exploits: 0, References: 1

Cisco
added 2018/03/07 4:0 p.m., 30 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

6.1 CVSS, 2.6 AI score, 0.00868 EPSS
Exploits: 0, References: 1

Cisco
added 2018/01/17 4:0 p.m., 30 views

Cisco NX-OS System Software Management Interface Denial of Service Vulnerability

A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to...

5.3 CVSS, 2 AI score, 0.02645 EPSS
Exploits: 0, References: 1

Cisco
added 2017/11/29 4:0 p.m., 30 views

Cisco NX-OS System Software Patch Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...

6.7 CVSS, 6.4 AI score, 0.00233 EPSS
Exploits: 0, References: 1

Cisco
added 2017/11/29 4:0 p.m., 30 views

Cisco WebEx Event Center Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would...

4.3 CVSS, 4.6 AI score, 0.01239 EPSS
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 30 views

Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability

A vulnerability in the wireless controller manager of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this...

7.4 CVSS, 6.4 AI score, 0.00749 EPSS
Exploits: 0, References: 1

Cisco
added 2017/09/20 4:0 p.m., 30 views

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server...

5.4 CVSS, 6.4 AI score, 0.02336 EPSS
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000