Cisco | Most viewed

5226 matches found

Cisco
added 2017/06/21 4:00 p.m. | 29 views

Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...

CVSS 8.6 | AI score 7.6 | EPSS 0.01738
Exploits 0 | References 1

Cisco
added 2017/06/07 4:00 p.m. | 29 views

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files...

CVSS 4.3 | AI score 6.3 | EPSS 0.01449
Exploits 0 | References 1

Cisco
added 2017/05/17 4:00 p.m. | 29 views

Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

CVSS 4.3 | AI score 5.3 | EPSS 0.02663
Exploits 0 | References 1

Cisco
added 2017/05/03 4:00 p.m. | 29 views

Cisco TelePresence ICMP Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 7.5 | AI score 7.6 | EPSS 0.02989
Exploits 0 | References 1

Cisco
added 2017/03/15 4:00 p.m. | 29 views

Cisco WebEx Meetings Server XML External Entity Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploi...

CVSS 6.5 | AI score 6.1 | EPSS 0.01432
Exploits 0 | References 1

Cisco
added 2017/02/15 4:00 p.m. | 29 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page ...

CVSS 6.1 | AI score 6 | EPSS 0.01543
Exploits 0 | References 1

Cisco
added 2017/01/18 4:00 p.m. | 29 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing...

CVSS 5.3 | AI score 9 | EPSS 0.01121
Exploits 0 | References 1

Cisco
added 2016/12/21 4:00 p.m. | 29 views

Cisco Intercloud Fabric Database Static Credentials Vulnerability

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could...

CVSS 6.8 | AI score 8.8 | EPSS 0.01267
Exploits 0 | References 1

Cisco
added 2016/12/07 4:00 p.m. | 29 views

Cisco Intercloud Fabric Director Static Credentials Vulnerability

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the...

CVSS 6.4 | AI score 6.6 | EPSS 0.01022
Exploits 0 | References 1

Cisco
added 2016/12/07 4:00 p.m. | 29 views

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. The vulnerability is due to improper masking of sensitive data in the HTTP response. An...

CVSS 4 | AI score 6.5 | EPSS 0.02194
Exploits 0 | References 1

Cisco
added 2016/11/16 4:00 p.m. | 29 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01543
Exploits 0 | References 1

Cisco
added 2016/10/05 4:00 p.m. | 29 views

Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability

A vulnerability in the jspringsecurityswitchuser function of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain...

CVSS 4.3 | AI score 7.6 | EPSS 0.01301
Exploits 0 | References 1

Cisco
added 2016/09/28 4:00 p.m. | 29 views

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message...

CVSS 7.8 | AI score 7.2 | EPSS 0.04188
Exploits 0 | References 1

Cisco
added 2016/09/14 4:00 p.m. | 29 views

Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System (UCS) Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user. The vulnerability is due to...

CVSS 6.8 | AI score 7.6 | EPSS 0.0036
Exploits 0 | References 1

Cisco
added 2016/08/17 4:00 p.m. | 29 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data. The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability to learn sensitive information about the application. Cisco has...

CVSS 5 | AI score 7.6 | EPSS 0.01565
Exploits 0 | References 1

Cisco
added 2016/07/27 4:00 p.m. | 29 views

Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition. The...

CVSS 6.1 | AI score 6.6 | EPSS 0.00927
Exploits 0 | References 1

Cisco
added 2016/06/29 4:00 p.m. | 29 views

Cisco Firepower System Software Static Credential Vulnerability

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This...

CVSS 7.5 | AI score 8.6 | EPSS 0.01012
Exploits 0 | References 1

Cisco
added 2016/06/17 12:30 p.m. | 29 views

Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software running on Cisco cBR-8 Series Converged Broadband Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the affected...

CVSS 6.8 | AI score 6.5 | EPSS 0.01604
Exploits 0 | References 1

Cisco
added 2016/06/09 4:00 p.m. | 29 views

Cisco IP Phones Web Application Buffer Overflow Vulnerability

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails t...

CVSS 9.8 | AI score 7.8 | EPSS 0.04117
Exploits 0 | References 1

Cisco
added 2016/06/06 8:00 a.m. | 29 views

Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability

A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...

CVSS 6.8 | AI score 7.5 | EPSS 0.00362
Exploits 0 | References 1

Cisco
added 2016/05/24 8:30 a.m. | 29 views

Cisco UCS Invicta Software Default GPG Key Vulnerability

A vulnerability in Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to access some encrypted information, if the attacker can intercept communication between an affected system and a Cisco UCS Invicta Autosupport server. The vulnerability is due to the presence of a...

CVSS 4.3 | AI score 7.5 | EPSS 0.01135
Exploits 0 | References 1

Cisco
added 2016/04/14 4:00 p.m. | 29 views

Cisco Unified Computing System Platform Emulator Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-copy command-line arguments. An attacker could exploit this...

CVSS 6.8 | AI score 8.2 | EPSS 0.00368
Exploits 0 | References 1

Cisco
added 2016/04/07 2:30 p.m. | 29 views

Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient XSS protections. An attacker could exploit this vulnerability by...

CVSS 4.3 | AI score 6 | EPSS 0.00773
Exploits 0 | References 1

Cisco
added 2016/03/02 8:00 a.m. | 29 views

Cisco FireSIGHT System Software Convert Timing Channel Vulnerability

A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. The vulnerability is due to implementation details of how...

CVSS 4.3 | AI score 4.7 | EPSS 0.00831
Exploits 0 | References 1

Cisco
added 2016/03/02 12:00 a.m. | 29 views

Cisco Prime Infrastructure Log File Remote Code Execution Vulnerability

A vulnerability in the log file handling for Cisco Prime Infrastructure could allow an authenticated, remote attacker to change and modify the system log file. The log file could have executable code added to it that could be executed when the log file is viewed. The vulnerability is due to lack ...

CVSS 6.5 | AI score 9 | EPSS 0.02235
Exploits 0 | References 1

Cisco
added 2016/02/23 12:00 a.m. | 29 views

Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability

A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...

CVSS 6.9 | AI score 9.4 | EPSS 0.0108
Exploits 0 | References 1

Cisco
added 2016/01/27 4:00 p.m. | 29 views

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability

A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack, which could result in a complete denial of service (DoS) condition. The...

CVSS 7.8 | AI score 7.5 | EPSS 0.01931
Exploits 0 | References 1

Cisco
added 2016/01/15 11:00 a.m. | 29 views

Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface. The vulnerabilities are due to improper...

CVSS 4.3 | AI score 6.2 | EPSS 0.01122
Exploits 0 | References 1

Cisco
added 2015/12/09 10:30 a.m. | 29 views

Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability

A vulnerability in Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the version of Cisco FirePOWER Management Center software that is running on an affected system. An attacker could use this information to conduct reconnaissance attack...

CVSS 5 | AI score 6.1 | EPSS 0.01196
Exploits 0 | References 1

Cisco
added 2015/12/04 8:00 a.m. | 29 views

Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability

A vulnerability in the USB driver for Cisco Nexus 5000 Series Switches could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition due to a kernel crash. The vulnerability is due to insufficient handling of USB input parameters. An attacker could exploit this...

CVSS 4.9 | AI score 6.1 | EPSS 0.00336
Exploits 0 | References 1

Cisco
added 2015/11/30 10:20 p.m. | 29 views

Cisco Web Security Appliance Native FTP Denial of Service Vulnerability

A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability occurs when the FTP client terminates the FTP contr...

CVSS 5 | AI score 6.4 | EPSS 0.01744
Exploits 0 | References 1

Cisco
added 2015/11/20 11:00 a.m. | 29 views

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by persuading a user of...

CVSS 4.3 | AI score 6.8 | EPSS 0.00587
Exploits 0 | References 1

Cisco
added 2015/11/20 12:00 a.m. | 29 views

Cisco Networking Services Sensitive Information Disclosure Vulnerability

A vulnerability in the debug logging function of Cisco Networking Services (CNS) used for configuring Cisco IOS networking devices could allow an authenticated, local attacker to disclose sensitive data. The vulnerability is due to insufficient protections of sensitive data at rest. An attacker...

CVSS 4 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 1

Cisco
added 2015/10/08 9:30 p.m. | 29 views

Cisco Prime Renegotiation Request Denial of Service Vulnerability

A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...

CVSS 5 | AI score 7.6 | EPSS 0.02005
Exploits 0 | References 1

Cisco
added 2015/10/08 8:00 p.m. | 29 views

Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...

CVSS 6.5 | AI score 7.3 | EPSS 0.01592
Exploits 0 | References 1

Cisco
added 2015/09/30 6:56 p.m. | 29 views

Cisco Email Security Appliance Max Files Denial of Service Vulnerability

A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to the affected device unexpectedly reloading. The vulnerability is due to failure to release file descriptors when th...

CVSS 6.8 | AI score 6.3 | EPSS 0.017
Exploits 0 | References 1

Cisco
added 2015/08/25 7:05 p.m. | 29 views

Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability

A vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...

CVSS 4 | AI score 6.4 | EPSS 0.01546
Exploits 0 | References 1

Cisco
added 2015/07/24 7:21 p.m. | 29 views

Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability

A vulnerability in SSL certificate validation of multiple Cisco products could allow an unauthenticated, remote attacker to stage a man-in-the-middle attack. The vulnerability is due to lack of SSL certificate validation for secure LDAP. An attacker could exploit this vulnerability to stage a...

CVSS 4.3 | AI score 6.3 | EPSS 0.00477
Exploits 0 | References 1

Cisco
added 2015/07/09 7:56 p.m. | 29 views

Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability

A vulnerability in the Cisco Integrated Management Controller of the Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL...

CVSS 4.3 | AI score 6.2 | EPSS 0.00775
Exploits 0 | References 1

Cisco
added 2015/06/29 6:05 p.m. | 29 views

Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability

A vulnerability in the packet storing capabilities of Cisco 9900 Series IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the phone decoder handles certain real-time transport protocol (RTP) packets. An attacker...

CVSS 4.3 | AI score 6.8 | EPSS 0.02774
Exploits 0 | References 1

Cisco
added 2015/06/25 4:04 p.m. | 29 views

Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability

A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances. The vulnerability is due to the presence of...

CVSS 5.8 | AI score 6.4 | EPSS 0.02241
Exploits 0 | References 1

Cisco
added 2015/06/22 9:24 p.m. | 29 views

Cisco WebEx Meetings Host Calendar Download Vulnerability

A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to access and download calendar files without authorization. The vulnerability is due to inconsistent authorization checks. An attacker could exploit this vulnerability by enumerating scheduled meetings and...

CVSS 5.8 | AI score 6.5 | EPSS 0.03116
Exploits 0 | References 1

Cisco
added 2015/06/08 9:52 p.m. | 29 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability

A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...

CVSS 3.5 | AI score 5.8 | EPSS 0.01546
Exploits 0 | References 1

Cisco
added 2015/05/29 9:35 p.m. | 29 views

Multiple Cisco Products TCP Flood Denial of Service Vulnerability

A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of rate limiting in the TCP listener...

CVSS 5 | AI score 6.6 | EPSS 0.03427
Exploits 0 | References 1

Cisco
added 2015/04/22 8:33 p.m. | 29 views

Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...

CVSS 3.5 | AI score 5.6 | EPSS 0.00783
Exploits 0 | References 1

Cisco
added 2015/04/21 4:05 p.m. | 29 views

Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability

A vulnerability in the SOAP application programming interface (API) endpoints of the web services directory of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections in...

CVSS 4.3 | AI score 8.9 | EPSS 0.01287
Exploits 0 | References 1

Cisco
added 2015/04/15 4:00 p.m. | 29 views

Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability

A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only...

CVSS 7.1 | AI score 6.9 | EPSS 0.03427
Exploits 0 | References 1

Cisco
added 2015/04/02 2:56 p.m. | 29 views

Cisco Identity Services Engine Portal Privilege Elevation Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access guest accounts created from another sponsor account. The vulnerability is due to a failure to restrict guest accounts across sponsors. An attacker could exploit this...

CVSS 6.5 | AI score 6.5 | EPSS 0.01185
Exploits 0 | References 1

Cisco
added 2015/03/31 8:18 p.m. | 29 views

Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability

A vulnerability in Cisco ASR 1000 Series software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of route adjacencies. An attacker could exploit this vulnerability by sending malicious IP packets to an...

CVSS 5.4 | AI score 6.5 | EPSS 0.01908
Exploits 0 | References 1

Cisco
added 2015/03/25 4:00 p.m. | 29 views

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability...

CVSS 7.8 | AI score 6.7 | EPSS 0.01982
Exploits 0 | References 1

Total number of security vulnerabilities: 5000