Cisco: most viewed

5226 matches found

Cisco
added 2015/07/30 8:36 p.m. | 28 views

Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability

A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context. The vulnerability is due to insufficient input validation. An unauthenticated, remote attack...

CVSS 4.3 | AI score 6.5 | EPSS 0.01927
Exploits: 0 | References: 1

Cisco
added 2015/07/30 8:5 p.m. | 28 views

Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability

Cisco IM and Presence Service contains a reflected cross-site scripting (XSS) vulnerability that could allow an unauthenticated, remote attacker to perform an XSS attack on an authenticated user. The vulnerability is due to an incomplete user input filter that may not filter certain HTML or script...

CVSS 4.3 | AI score 5.2 | EPSS 0.0136
Exploits: 0 | References: 1

Cisco
added 2015/07/09 8:33 p.m. | 28 views

Cisco TelePresence Serial Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence Serial Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a...

CVSS 4.3 | AI score 6.6 | EPSS 0.00996
Exploits: 0 | References: 1

Cisco
added 2015/07/07 8:49 p.m. | 28 views

Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. The vulnerability is due to improper handling of OSPFv2 packets. An attacker could...

CVSS 6.1 | AI score 6.2 | EPSS 0.00652
Exploits: 0 | References: 1

Cisco
added 2015/06/24 10:6 p.m. | 28 views

Cisco Unified Presence Server Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Presence Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An...

CVSS 4.3 | AI score 5.8 | EPSS 0.02162
Exploits: 0 | References: 1

Cisco
added 2015/06/24 10:1 p.m. | 28 views

Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability

A vulnerability in the Cisco IM and Presence Service could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper web page restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to access...

CVSS 4 | AI score 7.5 | EPSS 0.02335
Exploits: 0 | References: 1

Cisco
added 2015/06/23 8:45 p.m. | 28 views

Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability

A vulnerability in Cisco Identity Services Engine and Secure Access Control System could allow an authenticated, remote attacker to gain unauthorized access to program data. The vulnerability is due to weak authentication and authorization used to control access to support bundles stored on a...

CVSS 4 | AI score 6.7 | EPSS 0.02064
Exploits: 0 | References: 1

Cisco
added 2015/06/22 4:4 p.m. | 28 views

Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability

A vulnerability in the SNMP subsystem of Cisco Universal Broadband Router devices could allow an authenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE) module. The vulnerability is due to a memory leak that occurs when...

CVSS 6.8 | AI score 6.8 | EPSS 0.02744
Exploits: 0 | References: 1

Cisco
added 2015/06/11 4:10 p.m. | 28 views

Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability

A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The...

CVSS 5 | AI score 6.2 | EPSS 0.02194
Exploits: 0 | References: 1

Cisco
added 2015/05/29 8:9 p.m. | 28 views

Cisco Headend System Release Archive File Download Vulnerability

A vulnerability in Cisco Headend System Release could allow an unauthenticated, remote attacker to download temporary script files. The vulnerability is due to improper input validation of the HTTP request header. An attacker could exploit this vulnerability by manipulating the URL of an HTTP...

CVSS 5 | AI score 6.3 | EPSS 0.01948
Exploits: 0 | References: 1

Cisco
added 2015/05/14 4:38 p.m. | 28 views

Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability

A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 6.3 | EPSS 0.01456
Exploits: 0 | References: 1

Cisco
added 2015/04/20 9:14 p.m. | 28 views

Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in the administrative web interface of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of user-supplied input by the affected...

CVSS 4.3 | AI score 5.6 | EPSS 0.0111
Exploits: 0 | References: 1

Cisco
added 2015/04/16 2:54 p.m. | 28 views

Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability

A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to the improper generation and validation of the CSRF toke...

CVSS 4.3 | AI score 6.5 | EPSS 0.01447
Exploits: 0 | References: 1

Cisco
added 2015/04/13 4:21 p.m. | 28 views

Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability

A vulnerability in the status-checking process of remote access tunnels for supporting Cisco Web Security Appliances (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on the affected system. The vulnerability is due to improper usage and handling of the pickle Pyth...

CVSS 6.6 | AI score 6.9 | EPSS 0.0038
Exploits: 0 | References: 1

Cisco
added 2015/04/10 5:41 p.m. | 28 views

Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability

A vulnerability in the status checking process of support remote access tunnels in the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on a targeted system. The vulnerability is due to improper use and handling of the pickle Python...

CVSS 6.6 | AI score 7.1 | EPSS 0.00377
Exploits: 0 | References: 1

Cisco
added 2015/04/03 2:12 p.m. | 28 views

Cisco ASR1000 Series Routers ESP Module Denial of Service Vulnerability

A vulnerability in the Embedded Services Processor (ESP) module of Cisco ASR 1000 Series Routers running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of malformed H.323 packets by an...

CVSS 5.4 | AI score 6.1 | EPSS 0.01679
Exploits: 0 | References: 1

Cisco
added 2015/03/31 6:8 p.m. | 28 views

Cisco Unified Communications Domain Manager Application Software Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to an unspecified condition within the affected software that could allow local file inclusion. An...

CVSS 4 | AI score 6.6 | EPSS 0.01327
Exploits: 0 | References: 1

Cisco
added 2015/03/31 6:5 p.m. | 28 views

Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability

A vulnerability in the Image Management functionality of Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected...

CVSS 5.5 | AI score 7.1 | EPSS 0.01361
Exploits: 0 | References: 1

Cisco
added 2015/03/19 5:49 p.m. | 28 views

Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability

A vulnerability in the administration portal page of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to the administration portal page ...

CVSS 4.3 | AI score 5.6 | EPSS 0.00931
Exploits: 0 | References: 1

Cisco
added 2015/03/14 5:9 a.m. | 28 views

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code. The vulnerability is due to a lack of input sanitization of certain IPC commands. An attacker could exploit this...

CVSS 4.3 | AI score 6.7 | EPSS 0.00317
Exploits: 0 | References: 1

Cisco
added 2015/03/11 4:0 p.m. | 28 views

Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability

The Cisco Intrusion Prevention System (IPS) Software has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this...

CVSS 7.1 | AI score 6.5 | EPSS 0.01264
Exploits: 0 | References: 1

Cisco
added 2015/02/19 5:35 p.m. | 28 views

Cisco Hosted Collaboration Solution Unauthorized System Access Vulnerability

A vulnerability in the Simple Object Access Protocol (SOAP) Interface of the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system. An attacker could exploit the vulnerability by transmitting crafted Challenge SOAP...

CVSS 4.3 | AI score 6.9 | EPSS 0.01078
Exploits: 0 | References: 1

Cisco
added 2015/02/04 4:48 p.m. | 28 views

Cisco Unified IP Phone 9900 Series Denial of Service Vulnerability

A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...

CVSS 4.6 | AI score 6.3 | EPSS 0.00304
Exploits: 0 | References: 1

Cisco
added 2015/01/30 9:26 p.m. | 28 views

Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco Unified Communication Domain Manager version 10 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. ...

CVSS 4.3 | AI score 6.7 | EPSS 0.01267
Exploits: 0 | References: 1

Cisco
added 2015/01/30 4:59 p.m. | 28 views

Cisco WebEx Meetings Server XMLAPI Vulnerability

A vulnerability in the XML application programming interface (API) of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of return messages. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 6.4 | EPSS 0.01846
Exploits: 0 | References: 1

Cisco
added 2014/11/11 3:49 p.m. | 28 views

Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability

A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device. The vulnerability is due to...

CVSS 4.3 | AI score 6.4 | EPSS 0.00678
Exploits: 0 | References: 1

Cisco
added 2014/10/06 3:6 p.m. | 28 views

Cisco IOS XR Software Compression ACL Bypass Vulnerability

A vulnerability in the port or address range compression feature for access control lists (ACLs) on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The...

CVSS 5 | AI score 6.5 | EPSS 0.01359
Exploits: 0 | References: 1

Cisco
added 2014/09/19 6:43 p.m. | 28 views

Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability

A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...

CVSS 5 | AI score 6.2 | EPSS 0.01735
Exploits: 0 | References: 1

Cisco
added 2014/07/11 7:3 p.m. | 28 views

Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability

A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to download files from arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could...

CVSS 6.8 | AI score 6.5 | EPSS 0.0275
Exploits: 0 | References: 1

Cisco
added 2014/07/10 3:27 p.m. | 28 views

Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability

A vulnerability in the file sharing functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to trigger a heap-based buffer overflow in the Cisco WebEx Meetings client running on another user's computer. The vulnerability exists because the affected softwar...

CVSS 5.1 | AI score 6.8 | EPSS 0.03413
Exploits: 0 | References: 1

Cisco
added 2014/06/11 8:57 p.m. | 28 views

Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability

A vulnerability in BulkViewFileContentsAction.java of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper filename parameters. An attacker could exploit this vulnerability by...

CVSS 4 | AI score 6.3 | EPSS 0.0185
Exploits: 0 | References: 1

Cisco
added 2014/05/22 3:44 p.m. | 28 views

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to cause the affected system to stop processing Remote Authentication Dial-In User Service (RADIUS) packets. The vulnerability is due to improper implementation of deadlock code when the system...

CVSS 4 | AI score 6.5 | EPSS 0.0219
Exploits: 0 | References: 1

Cisco
added 2014/05/14 8:9 p.m. | 28 views

Cisco IOS Software ScanSafe Vulnerability

A vulnerability in the content scanning module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability occurs when processing HTTPS packets that need to be redirected to a ScanSafe tower. An attacker could exploit this...

CVSS 5.4 | AI score 6.3 | EPSS 0.01825
Exploits: 0 | References: 1

Cisco
added 2014/04/08 5:36 p.m. | 28 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the code of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper instructions to reload the controller card. A CAL pipe fails to open when the file descriptors are exhausted...

CVSS 5 | AI score 6.4 | EPSS 0.01795
Exploits: 1 | References: 1

Cisco
added 2014/04/03 7:57 p.m. | 28 views

Cisco Emergency Responder Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Emergency Responder (Cisco ER) UserServlet of Cisco ER Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco ER web interface. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 5.8 | EPSS 0.01792
Exploits: 0 | References: 1

Cisco
added 2014/03/26 4:0 p.m. | 28 views

Cisco IOS Software Network Address Translation Vulnerabilities

The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address these...

CVSS 7.8 | AI score 6.7 | EPSS 0.01669
Exploits: 1 | References: 1

Cisco
added 2014/03/05 4:0 p.m. | 28 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability; Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability; Cisco Wireless LAN Controller IGMP Version 3...

CVSS 10 | AI score 6.1 | EPSS 0.0134
Exploits: 1 | References: 1

Cisco
added 2014/02/19 4:0 p.m. | 28 views

Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability

Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could...

CVSS 7.1 | AI score 6.4 | EPSS 0.00886
Exploits: 1 | References: 1

Cisco
added 2014/02/12 5:11 p.m. | 28 views

Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability

A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application. The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An...

CVSS 5 | AI score 6.6 | EPSS 0.01949
Exploits: 0 | References: 1

Cisco
added 2014/01/22 4:0 p.m. | 28 views

Cisco TelePresence System Software Command Execution Vulnerability

Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...

CVSS 8.3 | AI score 7.3 | EPSS 0.02303
Exploits: 0 | References: 1

Cisco
added 2014/01/08 9:51 p.m. | 28 views

Cisco Context Directory Agent Hidden Input Vulnerability

A vulnerability in certain input fields of Cisco Context Directory Agent (CDA) could allow an authenticated, remote attacker to hide values that are entered in the affected input fields. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

CVSS 4 | AI score 6.4 | EPSS 0.02017
Exploits: 0 | References: 1

Cisco
added 2013/11/15 5:52 p.m. | 28 views

Cisco Server Provisioner Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication. The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit...

CVSS 5 | AI score 6.5 | EPSS 0.01778
Exploits: 0 | References: 1

Cisco
added 2013/11/15 5:46 p.m. | 28 views

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability

A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit th...

CVSS 6.8 | AI score 2.7 | EPSS 0.00315
Exploits: 0 | References: 1

Cisco
added 2013/11/13 5:34 p.m. | 28 views

Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability

A vulnerability in the web framework of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation of configuration parameters. An attacker could exploit this vulnerability ...

CVSS 6.8 | AI score 0.7 | EPSS 0.00925
Exploits: 0 | References: 1

Cisco
added 2013/11/11 9:11 p.m. | 28 views

Cisco Adaptive Security Appliance IPv6 NAT Denial of Service Vulnerability

A vulnerability in the function that performs IP version 6 (IPv6) Network Address Translation (NAT) for Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to improper implementation of the logic that performs NAT when t...

CVSS 5.4 | AI score 2.1 | EPSS 0.02032
Exploits: 0 | References: 1

Cisco
added 2013/10/16 4:20 p.m. | 28 views

Cisco Identity Services Engine Upload Filename Validation Vulnerability

A vulnerability in the file upload filename parsing routine of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload a file with a malicious filename. The vulnerability is due to insufficient validation of uploaded filenames. An attacker could exploit this...

CVSS 4 | AI score 1.8 | EPSS 0.00767
Exploits: 0 | References: 1

Cisco
added 2013/10/14 8:48 p.m. | 28 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

CVSS 4.6 | AI score 3.2 | EPSS 0.0028
Exploits: 0 | References: 1

Cisco
added 2013/10/14 2:58 p.m. | 28 views

Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...

CVSS 6.8 | AI score 3.4 | EPSS 0.004
Exploits: 0 | References: 1

Cisco
added 2013/10/09 2:11 p.m. | 28 views

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input used i...

CVSS 6 | AI score 2.4 | EPSS 0.01317
Exploits: 0 | References: 1

Cisco
added 2013/10/02 9:48 p.m. | 28 views

Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability

A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

CVSS 6.8 | AI score 3.1 | EPSS 0.00346
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000