
5226 matches found

Cisco • added 2023/11/01 4:0 p.m. • 29 views

Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root...

8.2 CVSS | 8.4 AI score | 0.00234 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/08/23 4:0 p.m. • 29 views

Cisco FXOS Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...

4.4 CVSS | 5.9 AI score | 0.0017 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/08/16 4:0 p.m. • 29 views

ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5 CVSS | 7.3 AI score | 0.00883 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/04/05 4:0 p.m. • 29 views

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input...

6.5 CVSS | 7.2 AI score | 0.00961 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/03/01 4:0 p.m. • 29 views

Cisco Unified Intelligence Center Vulnerabilities

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. Ther...

6.5 CVSS | 5.6 AI score | 0.00731 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/02/15 4:0 p.m. • 29 views

Cisco Nexus Dashboard Denial of Service Vulnerability

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a...

7.5 CVSS | 7.6 AI score | 0.00952 EPSS
Exploits: 0 | References: 1

Cisco • added 2023/01/18 4:0 p.m. • 30 views

Identifying and Mitigating Security Exposures When Using No Payload Encryption Images with Existing Cryptographic Configuration

Cisco IOS Software and Cisco IOS XE Software images come in two types: the regular universalk9 image and the No Payload Encryption (NPE) universalk9npe image. NPE images were introduced to satisfy import requirements in some countries that require that the platform does not support strong payload...

7 AI score
Exploits: 0 | References: 1

Cisco • added 2022/09/07 4:0 p.m. • 29 views

Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

7.5 CVSS | 7.3 AI score | 0.00342 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/06/15 4:0 p.m. • 29 views

Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...

7.7 CVSS | 7.6 AI score | 0.00953 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/05/04 4:0 p.m. • 29 views

ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...

6.5 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/04/20 4:0 p.m. • 29 views

Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...

4.1 CVSS | 0.7 AI score | 0.00176 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/04/13 4:0 p.m. • 29 views

Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could...

8.6 CVSS | 7.9 AI score | 0.00897 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/04/13 4:0 p.m. • 29 views

Cisco SD-WAN Solution Improper Access Control Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...

7.8 CVSS | 7.7 AI score | 0.00209 EPSS
Exploits: 0 | References: 1

Cisco • added 2022/01/12 4:0 p.m. • 29 views

Cisco Enterprise Chat and Email Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks, enumerate existing user accounts, and redirect a user to an undesired webpage. For more information...

6.1 CVSS | 5.3 AI score | 0.00745 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/11/04 4:0 p.m. • 29 views

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

4.4 CVSS | 2.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/11/04 4:0 p.m. • 29 views

Cisco Integrated Management Controller Username Enumeration Vulnerability

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication...

5.3 CVSS | 5.4 AI score | 0.0082 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/11/04 4:0 p.m. • 29 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management...

6.1 CVSS | 1.8 AI score | 0.00823 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/10/21 4:0 p.m. • 29 views

Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerability

A vulnerability in the sslinspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the sslinspection component. An attacker could exploit this...

5.8 CVSS | 6 AI score | 0.00957 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/09/24 4:0 p.m. • 29 views

Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability

A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this...

8.6 CVSS | 8.6 AI score | 0.01374 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/09/24 4:0 p.m. • 29 views

Cisco IOS XE ROM Monitor Software Vulnerability

A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...

6.4 CVSS | 6.3 AI score | 0.00285 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/09/24 4:0 p.m. • 29 views

Cisco IOS XE Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...

8.8 CVSS | 1.9 AI score | 0.01804 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/09/24 4:0 p.m. • 29 views

Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by...

8.6 CVSS | 8.6 AI score | 0.01415 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/09/02 4:0 p.m. • 29 views

Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists...

4.3 CVSS | 1.5 AI score | 0.00875 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/08/05 4:0 p.m. • 29 views

Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one...

5 CVSS | 1.1 AI score | 0.01133 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/08/05 4:0 p.m. • 29 views

Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

4.1 CVSS | 0.8 AI score
Exploits: 0 | References: 1

Cisco • added 2020/07/29 4:0 p.m. • 29 views

Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based...

5.3 CVSS | 1.7 AI score | 0.01218 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/07/29 4:0 p.m. • 29 views

Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

8.8 CVSS | 1.4 AI score | 0.02042 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/07/29 4:0 p.m. • 29 views

Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive file...

8.8 CVSS | 2.3 AI score | 0.07038 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/07/15 4:0 p.m. • 29 views

Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability

A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TU...

4.3 CVSS | 0.7 AI score | 0.00991 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/07/15 4:0 p.m. • 29 views

Cisco SD-WAN vManage Software Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

6.5 CVSS | 2.5 AI score | 0.02646 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/06/17 4:0 p.m. • 29 views

Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected...

7.2 CVSS | 4.5 AI score
Exploits: 0 | References: 1

Cisco • added 2020/06/17 4:0 p.m. • 29 views

Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could...

8.1 CVSS | 0.8 AI score | 0.02364 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/06/17 4:0 p.m. • 29 views

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

6.7 CVSS | 1.4 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/06/03 4:0 p.m. • 29 views

Cisco Application Services Engine Software Authorization Vulnerability

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

5.5 CVSS | 2.5 AI score | 0.00279 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/06/03 4:0 p.m. • 29 views

Cisco Unified Contact Center Express Improper API Authorization Vulnerability

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

5.4 CVSS | 1.6 AI score | 0.00806 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/06/03 4:0 p.m. • 29 views

Cisco IOS XE SD-WAN Software Authentication Bypass Vulnerability

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

6.8 CVSS | 6.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/05/06 4:0 p.m. • 29 views

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...

5.8 CVSS | 5.6 AI score | 0.02156 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/05/06 4:0 p.m. • 29 views

Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling erro...

8.6 CVSS | 7.7 AI score | 0.01935 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/05/06 4:0 p.m. • 29 views

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to...

4.3 CVSS | 4.8 AI score | 0.00675 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/05/06 4:0 p.m. • 29 views

Cisco Firepower Management Center Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

4.3 CVSS | 5.4 AI score | 0.00843 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/05/06 4:0 p.m. • 29 views

Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...

5.5 CVSS | 5.3 AI score | 0.01216 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/03/18 4:0 p.m. • 29 views

Cisco SD-WAN Solution vManage SQL Injection Vulnerability

A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...

5.4 CVSS | 1.3 AI score | 0.54249 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/03/04 4:0 p.m. • 29 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex...

7.8 CVSS | 1.7 AI score | 0.02256 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/02/26 4:0 p.m. • 29 views

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...

8.8 CVSS | 3 AI score | 0.02044 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/01/08 4:0 p.m. • 29 views

Cisco Mobility Management Entity Denial of Service Vulnerability

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due ...

6.8 CVSS | 1.7 AI score | 0.01389 EPSS
Exploits: 0 | References: 1

Cisco • added 2020/01/02 4:0 p.m. • 29 views

Cisco Data Center Network Manager Path Traversal Vulnerabilities

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...

7.2 CVSS | 0.8 AI score | 0.4996 EPSS
Exploits: 4 | References: 1

Cisco • added 2018/09/05 4:0 p.m. • 29 views

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...

7.8 CVSS | 1.8 AI score | 0.01516 EPSS
Exploits: 4 | References: 1

Cisco • added 2018/09/05 4:0 p.m. • 29 views

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...

7.8 CVSS | 3 AI score | 0.0045 EPSS
Exploits: 0 | References: 1

Cisco • added 2018/06/06 4:0 p.m. • 29 views

Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability

A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to...

6.7 CVSS | 1.5 AI score | 0.00392 EPSS
Exploits: 0 | References: 1

Cisco • added 2018/05/02 4:0 p.m. • 29 views

Cisco IOS XR Software netconf Denial of Service Vulnerability

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...

5.3 CVSS | 2.7 AI score | 0.03298 EPSS
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000