Lucene search
K
CiscoMost viewed

5226 matches found

Cisco
Cisco
•added 2019/06/19 4:0 p.m.•114 views

Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denia...

8.6CVSS2.3AI score0.02233EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/06 4:0 p.m.•114 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

7.8CVSS2.5AI score0.0031EPSS
Exploits0References1
Cisco
Cisco
•added 2019/01/09 4:0 p.m.•114 views

Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...

7.3CVSS8.6AI score0.02174EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/17 4:0 p.m.•113 views

Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This...

7.8CVSS1.4AI score0.01253EPSS
Exploits1References1
Cisco
Cisco
•added 2020/10/21 4:0 p.m.•113 views

Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this...

6.7CVSS7.1AI score0.00376EPSS
Exploits0References1
Cisco
Cisco
•added 2019/10/16 4:0 p.m.•113 views

Cisco Aironet Access Points Unauthorized Access Vulnerability

A vulnerability in Cisco Aironet Access Points APs Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could...

9.8CVSS2AI score0.02994EPSS
Exploits0References1
Cisco
Cisco
•added 2019/09/25 4:0 p.m.•113 views

Cisco IOS XE Software Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details "details" section of this...

7.6CVSS1.5AI score0.28948EPSS
Exploits0References1
Cisco
Cisco
•added 2019/06/05 4:0 p.m.•113 views

Cisco Industrial Network Director Remote Code Execution Vulnerability

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability ...

7.2CVSS3.5AI score0.04377EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/06 4:0 p.m.•113 views

Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An...

8.6CVSS2.1AI score0.02416EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/06 4:0 p.m.•113 views

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability...

7.8CVSS7.9AI score0.00378EPSS
Exploits0References1
Cisco
Cisco
•added 2015/12/09 4:0 p.m.•113 views

Vulnerability in Java Deserialization Affecting Cisco Products

A vulnerability in the Java deserialization used by the Apache Commons Collections ACC library could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could explo...

9.8CVSS8.5AI score0.18763EPSS
Exploits1References1
Cisco
Cisco
•added 2014/04/09 3:0 a.m.•113 views

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...

5CVSS8AI score0.99999EPSS
Exploits87References1
Cisco
Cisco
•added 2019/10/02 4:0 p.m.•112 views

Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, and Cisco Unity Connection could allow an unauthenticated, remote...

6.5CVSS1.8AI score0.00671EPSS
Exploits0References1
Cisco
Cisco
•added 2019/09/25 4:0 p.m.•112 views

Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

A vulnerability in the RADIUS Change of Authorization CoA code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of a malformed...

6.8CVSS2.3AI score0.01829EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•112 views

Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the implementation of Border Gateway Protocol BGP functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update...

6.8CVSS6.5AI score0.01493EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•112 views

Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

6.1CVSS6.1AI score0.01057EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/20 4:0 p.m.•112 views

Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections for the...

8.1CVSS8.5AI score0.00698EPSS
Exploits0References1
Cisco
Cisco
•added 2018/06/20 4:0 p.m.•112 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability exists because the affected software insufficiently...

9.8CVSS2.8AI score0.05659EPSS
Exploits0References1
Cisco
Cisco
•added 2002/04/03 4:0 p.m.•112 views

Web Interface Vulnerabilities in Cisco Secure ACS for Windows

...

7.5CVSS3.2AI score0.05439EPSS
Exploits0References1Affected Software2
Cisco
Cisco
•added 2019/08/16 4:0 p.m.•112 views

Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

5.8CVSS5.9AI score0.01042EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•111 views

Cisco Small Business Series Switches Memory Corruption Vulnerability

A vulnerability in the Secure Sockets Layer SSL input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS...

7.5CVSS7.8AI score0.01772EPSS
Exploits0References1
Cisco
Cisco
•added 2019/06/19 4:0 p.m.•111 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPN Manager could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improp...

4.3CVSS1.9AI score0.01274EPSS
Exploits0References1
Cisco
Cisco
•added 2019/06/19 4:0 p.m.•111 views

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the vManage web-based UI Web UI in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

8.8CVSS3.1AI score0.04334EPSS
Exploits0References1
Cisco
Cisco
•added 2018/09/19 4:0 p.m.•111 views

Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format ARF could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerabilities are due to improper validation of Webex recording files. An attacker could...

7.8CVSS2.2AI score0.02125EPSS
Exploits0References1
Cisco
Cisco
•added 2004/04/20 9:0 p.m.•111 views

TCP Vulnerabilities in Multiple IOS-Based Cisco Products

...

5CVSS2.1AI score0.80855EPSS
Exploits3References1Affected Software31
Cisco
Cisco
•added 2023/02/22 4:0 p.m.•110 views

Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

6.3CVSS6.3AI score0.0011EPSS
Exploits0References1
Cisco
Cisco
•added 2021/03/24 4:0 p.m.•110 views

Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3650, Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating...

6.7CVSS6.8AI score0.00232EPSS
Exploits0References1
Cisco
Cisco
•added 2021/02/24 4:0 p.m.•110 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol LLDP for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable SFP interface. This vulnerability is due to...

4.7CVSS4.6AI score0.00244EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•110 views

Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability

A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...

6.7CVSS2.9AI score0.00267EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•110 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...

5.8CVSS2.2AI score0.01413EPSS
Exploits0References1
Cisco
Cisco
•added 2019/06/19 4:0 p.m.•110 views

Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit...

5.3CVSS1.8AI score0.03376EPSS
Exploits1References1
Cisco
Cisco
•added 2019/06/05 4:0 p.m.•110 views

Cisco Webex Meetings Server Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...

5.3CVSS0.9AI score0.02076EPSS
Exploits0References1
Cisco
Cisco
•added 2018/07/18 4:0 p.m.•110 views

Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...

9.8CVSS1.9AI score0.02725EPSS
Exploits0References1
Cisco
Cisco
•added 2018/07/18 4:0 p.m.•110 views

Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

7.2CVSS2.9AI score0.03054EPSS
Exploits0References1
Cisco
Cisco
•added 2016/04/28 9:0 a.m.•110 views

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or modify the time being advertised ...

7.5CVSS7.7AI score0.15081EPSS
Exploits9References1
Cisco
Cisco
•added 2020/06/24 4:0 p.m.•109 views

Telnet Vulnerability Affecting Cisco Products: June 2020

On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers telnetd. For more information about this vulnerability, see the Details "details" section. Cisco will release software updates that address this vulnerability. There are...

9.8CVSS0.9AI score0.74513EPSS
Exploits2References1
Cisco
Cisco
•added 2019/08/07 4:0 p.m.•109 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

7.8CVSS1.9AI score0.01508EPSS
Exploits0References1
Cisco
Cisco
•added 2019/07/03 4:0 p.m.•109 views

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...

7.2CVSS2.2AI score0.03451EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/06 4:0 p.m.•109 views

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

A vulnerability in the Fibre Channel over Ethernet FCoE N-port Virtualization NPV protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to an incorrect processing of FCoE packets when...

7.4CVSS7.4AI score0.01473EPSS
Exploits1References1
Cisco
Cisco
•added 2018/08/01 4:0 p.m.•109 views

Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...

8.1CVSS1.9AI score0.02714EPSS
Exploits0References1
Cisco
Cisco
•added 2021/05/05 4:0 p.m.•108 views

Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...

7.1CVSS8AI score
Exploits0References1
Cisco
Cisco
•added 2021/04/07 4:0 p.m.•108 views

Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

6.1CVSS6.2AI score0.00823EPSS
Exploits0References1
Cisco
Cisco
•added 2019/06/19 4:0 p.m.•108 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

4.8CVSS1.1AI score0.00878EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/20 4:0 p.m.•108 views

Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the...

7.5CVSS1.7AI score0.01527EPSS
Exploits0References1
Cisco
Cisco
•added 2018/06/06 4:0 p.m.•108 views

Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability occu...

8.6CVSS1.1AI score0.01984EPSS
Exploits0References1
Cisco
Cisco
•added 2022/10/28 4:0 p.m.•107 views

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory Nov 1 2022...

7.5CVSS1.2AI score0.91153EPSS
Exploits6References1
Cisco
Cisco
•added 2022/04/27 4:0 p.m.•107 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service condition DoS on an affected device. This vulnerability is due to a lack of proper...

8.6CVSS7.8AI score0.0149EPSS
Exploits0References1
Cisco
Cisco
•added 2021/01/19 12:15 p.m.•107 views

Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service DoS, or may allow ...

8.1CVSS7.8AI score0.86692EPSS
Exploits0References1
Cisco
Cisco
•added 2019/09/25 4:0 p.m.•107 views

Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service DoS condition. The vulnerability is due to ineffective management of the underlyi...

8.6CVSS1.2AI score0.01967EPSS
Exploits0References1
Cisco
Cisco
•added 2019/03/20 4:0 p.m.•107 views

Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code. The vulnerability...

7.5CVSS2.7AI score0.0311EPSS
Exploits0References1
Total number of security vulnerabilities5000