Cisco, most viewed

5224 matches found

Cisco, added 2017/09/20 4:0 p.m., 30 views

Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of...

CVSS 5.8, AI score 5.3, EPSS 0.03081
Exploits: 0, References: 1
Cisco, added 2017/09/06 4:0 p.m., 30 views

Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization o...

CVSS 6.4, AI score 6.7, EPSS 0.00416
Exploits: 0, References: 1
Cisco, added 2017/09/06 4:0 p.m., 30 views

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...

CVSS 5.4, AI score 6, EPSS 0.01295
Exploits: 0, References: 1
Cisco, added 2017/09/06 4:0 p.m., 30 views

Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerabili...

CVSS 5.8, AI score 5.2, EPSS 0.02133
Exploits: 0, References: 1
Cisco, added 2017/09/06 4:0 p.m., 30 views

Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by...

CVSS 5.3, AI score 7.6, EPSS 0.02322
Exploits: 0, References: 1
Cisco, added 2017/08/16 4:0 p.m., 30 views

Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...

CVSS 4.1, AI score 5.1, EPSS 0.0117
Exploits: 0, References: 1
Cisco, added 2017/08/02 4:0 p.m., 30 views

Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this...

CVSS 6.5, AI score 9, EPSS 0.00831
Exploits: 0, References: 1
Cisco, added 2017/07/05 4:0 p.m., 30 views

Cisco Prime Network Privilege Escalation Vulnerability

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. The vulnerability is due to the use of incorrect installation and permission settings for binary files when the affected...

CVSS 6.7, AI score 6.7, EPSS 0.00313
Exploits: 0, References: 1
Cisco, added 2017/07/05 4:0 p.m., 30 views

Cisco Wide Area Application Services Core Dump Denial of Service Vulnerability

A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly. The vulnerability is due to incomplete...

CVSS 5.8, AI score 5.5, EPSS 0.02197
Exploits: 0, References: 1
Cisco, added 2017/07/05 4:0 p.m., 30 views

Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS 9.8, AI score 9.9, EPSS 0.042
Exploits: 0, References: 1
Cisco, added 2017/06/07 4:0 p.m., 30 views

Cisco Industrial Network Director Cross-Site Scripting Vulnerability

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. The vulnerability is due to insufficient validation of certain user-supplied input passed in...

CVSS 6.1, AI score 6.1, EPSS 0.00911
Exploits: 0, References: 1
Cisco, added 2017/05/17 4:0 p.m., 30 views

Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods,...

CVSS 9.8, AI score 9.8, EPSS 0.6217
Exploits: 5, References: 1
Cisco, added 2017/05/17 4:0 p.m., 30 views

Cisco Remote Expert Manager Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

CVSS 4.3, AI score 5.3, EPSS 0.02663
Exploits: 0, References: 1
Cisco, added 2017/05/17 4:0 p.m., 30 views

Cisco TelePresence IX5000 Series Directory Traversal Vulnerability

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory...

CVSS 7.5, AI score 7.6, EPSS 0.036
Exploits: 0, References: 1
Cisco, added 2017/05/17 4:0 p.m., 30 views

Cisco Nexus Series Switches CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this...

CVSS 4.4, AI score 7.7, EPSS 0.00853
Exploits: 0, References: 1
Cisco, added 2017/04/19 4:0 p.m., 30 views

Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability

A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is...

CVSS 8.6, AI score 8.6, EPSS 0.03013
Exploits: 0, References: 1
Cisco, added 2017/04/19 4:0 p.m., 30 views

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

CVSS 8.8, AI score 8.6, EPSS 0.0264
Exploits: 0, References: 1
Cisco, added 2017/04/05 4:0 p.m., 30 views

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. The vulnerability is due to imprope...

CVSS 6.8, AI score 5.8, EPSS 0.01266
Exploits: 0, References: 1
Cisco, added 2017/03/01 4:0 p.m., 30 views

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validati...

CVSS 5.3, AI score 6, EPSS 0.01228
Exploits: 0, References: 1
Cisco, added 2017/02/01 4:0 p.m., 30 views

Cisco Firepower Management Center Incomplete Rule Set Vulnerability

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. The vulnerability is due to a lack of condition checks in the rules engine. An attacker could...

CVSS 5.8, AI score 5.7, EPSS 0.02191
Exploits: 0, References: 1
Cisco, added 2016/12/07 4:0 p.m., 30 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. The vulnerability is due to improper filtering of certain TAR...

CVSS 5, AI score 4.7, EPSS 0.01556
Exploits: 0, References: 1
Cisco, added 2016/12/07 4:0 p.m., 30 views

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit...

CVSS 5, AI score 7.5, EPSS 0.0348
Exploits: 0, References: 1
Cisco, added 2016/12/07 4:0 p.m., 30 views

Cisco Hybrid Media Service Privilege Escalation Vulnerability

A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service...

CVSS 6.8, AI score 7.6, EPSS 0.00326
Exploits: 0, References: 1
Cisco, added 2016/10/05 4:0 p.m., 30 views

Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level. The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit...

CVSS 6.8, AI score 7.9, EPSS 0.0036
Exploits: 0, References: 1
Cisco, added 2016/10/05 4:0 p.m., 30 views

Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...

CVSS 4.3, AI score 6.1, EPSS 0.01009
Exploits: 0, References: 1
Cisco, added 2016/10/05 4:0 p.m., 30 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allo...

CVSS 4, AI score 6.2, EPSS 0.36617
Exploits: 5, References: 1
Cisco, added 2016/09/28 4:0 p.m., 30 views

Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability

A vulnerability in the local File Transfer Protocol (FTP) service on the Cisco AsyncOS for Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The...

CVSS 4.3, AI score 5.8, EPSS 0.0202
Exploits: 0, References: 1
Cisco, added 2016/09/14 4:0 p.m., 30 views

Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability

A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...

CVSS 5, AI score 7.6, EPSS 0.02475
Exploits: 0, References: 1
Cisco, added 2016/08/31 4:0 p.m., 30 views

Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability

A vulnerability in the traffic stream metrics (TSM) implemented with the Inter-Access Point Protocol (IAPP) of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the process on the WLC unexpectedly restarts. The D...

CVSS 5.7, AI score 5.5, EPSS 0.00617
Exploits: 0, References: 1
Cisco, added 2016/08/31 4:0 p.m., 30 views

Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability

A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...

CVSS 6.8, AI score 8.3, EPSS 0.01269
Exploits: 0, References: 1
Cisco, added 2016/07/14 5:0 p.m., 30 views

Cisco WebEx Meetings Server Command Injection Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command...

CVSS 4.9, AI score 8, EPSS 0.01254
Exploits: 0, References: 1
Cisco, added 2016/07/14 5:0 p.m., 30 views

Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...

CVSS 4.3, AI score 5.9, EPSS 0.01417
Exploits: 0, References: 1
Cisco, added 2016/06/17 12:0 a.m., 30 views

Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause the crash of an affected device. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...

CVSS 6.1, AI score 6.5, EPSS 0.00739
Exploits: 0, References: 1
Cisco, added 2016/06/17 12:0 a.m., 30 views

Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...

CVSS 6.1, AI score 6.5, EPSS 0.00574
Exploits: 0, References: 1
Cisco, added 2016/06/15 4:0 p.m., 30 views

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is d...

CVSS 10, AI score 9.7, EPSS 0.04806
Exploits: 0, References: 1
Cisco, added 2016/05/18 4:0 p.m., 30 views

Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability

A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does no...

CVSS 7.8, AI score 7.6, EPSS 0.01931
Exploits: 0, References: 1
Cisco, added 2016/04/06 4:0 p.m., 30 views

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could explo...

CVSS 7.8, AI score 7.6, EPSS 0.01931
Exploits: 0, References: 1
Cisco, added 2016/03/02 8:30 a.m., 30 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could...

CVSS 4.3, AI score 6.1, EPSS 0.00773
Exploits: 0, References: 1
Cisco, added 2016/01/25 2:0 p.m., 30 views

Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) query process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient...

CVSS 4.3, AI score 6.1, EPSS 0.01009
Exploits: 0, References: 1
Cisco, added 2016/01/13 4:0 p.m., 30 views

Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an...

CVSS 10, AI score 9.4, EPSS 0.02976
Exploits: 0, References: 1
Cisco, added 2016/01/05 4:51 p.m., 30 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack on a specific page. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...

CVSS 4, AI score 6.8, EPSS 0.01208
Exploits: 0, References: 1
Cisco, added 2015/12/15 4:38 p.m., 30 views

Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability

A vulnerability in the Identity Management subsystem used by the WebApplications of Cisco Unified Communications Manager (Cisco UCM) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to invalid session requests. An attacker...

CVSS 5, AI score 6.7, EPSS 0.02365
Exploits: 0, References: 1
Cisco, added 2015/12/01 9:30 p.m., 30 views

Cisco WebEx Meetings for Android Custom Permissions Vulnerability

A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at...

CVSS 4.3, AI score 6.3, EPSS 0.01513
Exploits: 0, References: 1
Cisco, added 2015/11/04 4:0 p.m., 30 views

Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validati...

CVSS 7.8, AI score 6.7, EPSS 0.01925
Exploits: 0, References: 1
Cisco, added 2015/10/26 12:0 a.m., 30 views

Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability

A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...

CVSS 4, AI score 6.5, EPSS 0.0137
Exploits: 0, References: 1
Cisco, added 2015/10/21 4:0 p.m., 30 views

Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability

A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...

CVSS 7.1, AI score 6.5, EPSS 0.0189
Exploits: 0, References: 1
Cisco, added 2015/09/22 4:2 p.m., 30 views

Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to lack of checks in the code f...

CVSS 7.2, AI score 6.5, EPSS 0.01202
Exploits: 3, References: 1, Affected Software: 1
Cisco, added 2015/09/01 1:35 p.m., 30 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in a local file script in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...

CVSS 6.6, AI score 7.2, EPSS 0.0054
Exploits: 0, References: 1
Cisco, added 2015/08/20 1:45 p.m., 30 views

Cisco Prime Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...

CVSS 4, AI score 7.1, EPSS 0.01778
Exploits: 0, References: 1
Cisco, added 2015/08/12 7:19 p.m., 30 views

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...

CVSS 4, AI score 6.4, EPSS 0.01327
Exploits: 0, References: 1
Total number of security vulnerabilities: 5000