5226 matches found
Multiple Vulnerabilities in Cisco TelePresence Manager
Cisco TelePresence Manager contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service...
Multiple Vulnerabilities in Cisco Unity Connection
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Directory Traversal Vulnerability in Cisco Network Admission Control Manager
Cisco Network Admission Control NAC Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released software updates that address this vulnerability. This...
Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Cisco WebEx Player Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Denial of Service Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS Software TCP Denial of Service Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco CSS Content Services Switch and ACE Application Control Engine HTTP SSL Header Spoofing Vulnerability
Cisco CSS Content Services Switch CSS, SSL Services Module SSLM, and ACE Application Control Engine ACE contain a vulnerability that could allow an authenticated, remote attacker to insert spoofed SSL headers into HTTP requests. The vulnerability exists because the affected products weakly enforc...
Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitiga...
Cisco IOS Software Authentication Proxy Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Denial of Service Vulnerabilities
Cisco Unified Communications Manager formerly CallManager contains multiple denial of service DoS vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol SIP and Skinny Client Control Protocol SCCP services are affected by these...
Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...
Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in Cisco PIX and ASA Appliances
...
Multiple Vulnerabilities in Cisco Secure Desktop
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS VTP Integer Wrap Denial of Service Vulnerability
Cisco IOS and Cisco Catalyst OS contain an integer overflow vulnerability that could allow an authenticated, remote attacker to cause affected devices to stop processing configuration changes, possibly resulting in a denial of service DoS condition. This vulnerability exists due to an integer...
IPv6 Crafted Packet Vulnerability
Cisco Internetwork Operating System IOS® Software is vulnerable to a Denial of Service DoS and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process...
Vulnerability in Cisco IOS Embedded Call Processing Solutions
Cisco Internetwork Operating System IOS® Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony Service ITS, Cisco CallManager Express CME or Survivable Remote Site Telephony SRST may contain a vulnerability in processing certain malformed control...
Cisco IOS DHCP Blocked Interface Denial-of-Service
...
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency CISA issued an update to V1: Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices...
Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...
Cisco IOS XE Software Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. These vulnerabilities are due to insufficient input validation when processing...
Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability
A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...
Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges and execute arbitrary commands on the underlying operating system of an affected...
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless Access Points APs could allow an authenticated, remote attacker to perform command injection and buffer overflow attacks against an affected device. In order to exploit these...
Cisco WAP371 Wireless Access Point Command Injection Vulnerability
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point AP with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validatio...
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities
Multiple vulnerabilities in Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an attacker to conduct cross-site scripting XSS attacks, execute arbitrary commands, perform SQL injection attacks, or gain elevated privileges on an affected system. Cisco has...
Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense FTD Software and devices that are running Cisco Firepower Management FMC Software could allow an authenticated, local attacker to execute arbitrary commands with root...
Cisco FXOS Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input...
Cisco Unified Intelligence Center Vulnerabilities
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery SSRF attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. Ther...
Cisco Nexus Dashboard Denial of Service Vulnerability
A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a...
Identifying and Mitigating Security Exposures When Using No Payload Encryption Images with Existing Cryptographic Configuration
Cisco IOS Software and Cisco IOS XE Software images come in two types: The regular universalk9 image and the No Payload Encryption NPE universalk9npe image. NPE images were introduced to satisfy import requirements in some countries that require that the platform does not support strong payload...
Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...
Cisco SD-WAN Solution Improper Access Control Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could...
Cisco Enterprise Chat and Email Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to perform cross-site scripting XSS attacks, enumerate existing user accounts, and redirect a user to an undesired webpage. For more information...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...
Cisco Integrated Management Controller Username Enumeration Vulnerability
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management...
Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerability
A vulnerability in the sslinspection component of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the sslinspection component. An attacker could exploit this...
Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability
A vulnerability in the Common Open Policy Service COPS engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco IOS XE ROM Monitor Software Vulnerability
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
Cisco IOS XE Software Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...
Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability
A vulnerability in Cisco Aironet Access Points APs could allow an unauthenticated, remote attacker to cause a denial of service DoS on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by...