Cisco | Most viewed

5224 matches found

added 2020/06/03 4:0 p.m. | 29 views

Cisco Application Services Engine Software Authorization Vulnerability

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 5.5 | AI score 2.5 | EPSS 0.00279
Exploits: 0 | References: 1

added 2020/06/03 4:0 p.m. | 29 views

Cisco Unified Contact Center Express Improper API Authorization Vulnerability

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

CVSS 5.4 | AI score 1.6 | EPSS 0.00806
Exploits: 0 | References: 1

added 2020/06/03 4:0 p.m. | 29 views

Cisco IOx Application Framework Arbitrary File Creation Vulnerability

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 1.8 | EPSS 0.01235
Exploits: 0 | References: 1

added 2020/06/03 4:0 p.m. | 29 views

Cisco IOS XE SD-WAN Software Authentication Bypass Vulnerability

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

CVSS 6.8 | AI score 6.8 | EPSS 0.00436
Exploits: 0 | References: 1

added 2020/05/06 4:0 p.m. | 29 views

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...

CVSS 5.8 | AI score 5.6 | EPSS 0.02156
Exploits: 0 | References: 1

added 2020/05/06 4:0 p.m. | 29 views

Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling erro...

CVSS 8.6 | AI score 7.7 | EPSS 0.01935
Exploits: 0 | References: 1

added 2020/05/06 4:0 p.m. | 29 views

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to...

CVSS 4.3 | AI score 4.8 | EPSS 0.00675
Exploits: 0 | References: 1

added 2020/05/06 4:0 p.m. | 29 views

Cisco Firepower Management Center Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.3 | AI score 5.4 | EPSS 0.00843
Exploits: 0 | References: 1

added 2020/05/06 4:0 p.m. | 29 views

Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...

CVSS 5.5 | AI score 5.3 | EPSS 0.01216
Exploits: 0 | References: 1

added 2020/03/18 4:0 p.m. | 29 views

Cisco SD-WAN Solution vManage SQL Injection Vulnerability

A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...

CVSS 5.4 | AI score 1.3 | EPSS 0.54249
Exploits: 0 | References: 1

added 2020/03/04 4:0 p.m. | 29 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex...

CVSS 7.8 | AI score 1.7 | EPSS 0.02256
Exploits: 0 | References: 1

added 2020/02/26 4:0 p.m. | 29 views

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...

CVSS 8.8 | AI score 3 | EPSS 0.02044
Exploits: 0 | References: 1

added 2020/01/08 4:0 p.m. | 29 views

Cisco Mobility Management Entity Denial of Service Vulnerability

A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due ...

CVSS 6.8 | AI score 1.7 | EPSS 0.01389
Exploits: 0 | References: 1

added 2020/01/02 4:0 p.m. | 29 views

Cisco Data Center Network Manager Path Traversal Vulnerabilities

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...

CVSS 7.2 | AI score 0.8 | EPSS 0.4996
Exploits: 4 | References: 1

added 2018/09/05 4:0 p.m. | 29 views

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...

CVSS 7.8 | AI score 1.8 | EPSS 0.01516
Exploits: 4 | References: 1

added 2018/09/05 4:0 p.m. | 29 views

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...

CVSS 7.8 | AI score 3 | EPSS 0.0045
Exploits: 0 | References: 1

added 2018/06/06 4:0 p.m. | 29 views

Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability

A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to...

CVSS 6.7 | AI score 1.5 | EPSS 0.00392
Exploits: 0 | References: 1

added 2018/05/02 4:0 p.m. | 29 views

Cisco IOS XR Software netconf Denial of Service Vulnerability

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...

CVSS 5.3 | AI score 2.7 | EPSS 0.03298
Exploits: 0 | References: 1

added 2018/02/07 4:0 p.m. | 29 views

Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is du...

CVSS 6.1 | AI score 1.6 | EPSS 0.00885
Exploits: 0 | References: 1

added 2018/01/17 4:0 p.m. | 29 views

Cisco Prime Infrastructure Privilege Escalation Vulnerability

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to ...

CVSS 5.9 | AI score 2 | EPSS 0.0135
Exploits: 0 | References: 1

added 2017/11/29 4:0 p.m. | 29 views

Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...

CVSS 6 | AI score 5.9 | EPSS 0.00377
Exploits: 0 | References: 1

added 2017/11/29 4:0 p.m. | 29 views

Cisco NX-OS System Software Patch Installation Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...

CVSS 6.7 | AI score 6.9 | EPSS 0.0068
Exploits: 0 | References: 1

added 2017/09/27 4:0 p.m. | 29 views

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages tha...

CVSS 8.6 | AI score 2.1 | EPSS 0.06938
Exploits: 0 | References: 1

added 2017/09/20 4:0 p.m. | 29 views

Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the...

CVSS 7.5 | AI score 7.6 | EPSS 0.02662
Exploits: 0 | References: 1

added 2017/09/20 4:0 p.m. | 29 views

Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...

CVSS 6.7 | AI score 6.7 | EPSS 0.00425
Exploits: 0 | References: 1

added 2017/09/20 4:0 p.m. | 29 views

Cisco Small Business Managed Switches Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH...

CVSS 7.7 | AI score 6.5 | EPSS 0.01395
Exploits: 0 | References: 1

added 2017/09/13 4:0 p.m. | 29 views

Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

CVSS 9.1 | AI score 9.4 | EPSS 0.03134
Exploits: 0 | References: 1

added 2017/09/06 4:0 p.m. | 29 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied...

CVSS 5.4 | AI score 5.5 | EPSS 0.01086
Exploits: 0 | References: 1

added 2017/08/16 4:0 p.m. | 29 views

Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to...

CVSS 8.1 | AI score 8.3 | EPSS 0.01809
Exploits: 0 | References: 1

added 2017/08/16 4:0 p.m. | 29 views

Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...

CVSS 4.3 | AI score 4.4 | EPSS 0.01339
Exploits: 0 | References: 1

added 2017/07/26 4:0 p.m. | 29 views

Cisco Access Control System Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficien...

CVSS 5.4 | AI score 5.2 | EPSS 0.00891
Exploits: 0 | References: 1

added 2017/06/21 4:0 p.m. | 29 views

Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 5.8 | AI score 5.8 | EPSS 0.02197
Exploits: 0 | References: 1

added 2017/06/07 4:0 p.m. | 29 views

Cisco Ultra Services Platform Information Disclosure Vulnerability

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00307
Exploits: 0 | References: 1

added 2017/05/03 4:0 p.m. | 29 views

Cisco TelePresence ICMP Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 7.5 | AI score 7.6 | EPSS 0.02989
Exploits: 0 | References: 1

added 2017/04/05 4:0 p.m. | 29 views

Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The...

CVSS 4.3 | AI score 6.5 | EPSS 0.00662
Exploits: 0 | References: 1

added 2017/03/22 4:0 p.m. | 29 views

Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this...

CVSS 8.6 | AI score 7.7 | EPSS 0.02593
Exploits: 0 | References: 1

added 2017/03/15 4:0 p.m. | 29 views

Cisco WebEx Meetings Server XML External Entity Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploi...

CVSS 6.5 | AI score 6.1 | EPSS 0.01432
Exploits: 0 | References: 1

added 2017/02/15 4:0 p.m. | 29 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page ...

CVSS 6.1 | AI score 6 | EPSS 0.01543
Exploits: 0 | References: 1

added 2016/12/21 4:0 p.m. | 29 views

Cisco Intercloud Fabric Database Static Credentials Vulnerability

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could...

CVSS 6.8 | AI score 8.8 | EPSS 0.01267
Exploits: 0 | References: 1

added 2016/11/16 4:0 p.m. | 29 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01543
Exploits: 0 | References: 1

added 2016/10/19 4:0 p.m. | 29 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted...

CVSS 5 | AI score 7.4 | EPSS 0.014
Exploits: 0 | References: 1

added 2016/10/05 4:0 p.m. | 29 views

Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability

A vulnerability in the jspringsecurityswitchuser function of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain...

CVSS 4.3 | AI score 7.6 | EPSS 0.01301
Exploits: 0 | References: 1

added 2016/09/28 4:0 p.m. | 29 views

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message...

CVSS 7.8 | AI score 7.2 | EPSS 0.04188
Exploits: 0 | References: 1

added 2016/09/14 4:0 p.m. | 29 views

Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System (UCS) Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user. The vulnerability is due to...

CVSS 6.8 | AI score 7.6 | EPSS 0.0036
Exploits: 0 | References: 1

added 2016/08/17 4:0 p.m. | 29 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data. The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability to learn sensitive information about the application. Cisco has...

CVSS 5 | AI score 7.6 | EPSS 0.01565
Exploits: 0 | References: 1

added 2016/06/17 12:30 p.m. | 29 views

Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software running on Cisco cBR-8 Series Converged Broadband Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the affected...

CVSS 6.8 | AI score 6.5 | EPSS 0.01604
Exploits: 0 | References: 1

added 2016/06/09 4:0 p.m. | 29 views

Cisco IP Phones Web Application Buffer Overflow Vulnerability

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails t...

CVSS 9.8 | AI score 7.8 | EPSS 0.04117
Exploits: 0 | References: 1

added 2016/06/06 8:0 a.m. | 29 views

Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability

A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...

CVSS 6.8 | AI score 7.5 | EPSS 0.00362
Exploits: 0 | References: 1

added 2016/05/24 8:30 a.m. | 29 views

Cisco UCS Invicta Software Default GPG Key Vulnerability

A vulnerability in Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to access some encrypted information, if the attacker can intercept communication between an affected system and a Cisco UCS Invicta Autosupport server. The vulnerability is due to the presence of a...

CVSS 4.3 | AI score 7.5 | EPSS 0.01135
Exploits: 0 | References: 1

added 2016/05/17 9:46 p.m. | 29 views

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000