
5226 matches found

Cisco
added 2015/03/24 5:17 p.m. | 27 views

Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability

A vulnerability in the DHCP process of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of crafted DHCP messages on a targeted...

CVSS: 5 | AI score: 6.3 | EPSS: 0.01759
Exploits: 0 | References: 1

Cisco
added 2015/03/14 5:21 a.m. | 27 views

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. The vulnerability is due to unauthenticated IPC commands which allow software installation as...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00371
Exploits: 0 | References: 1

Cisco
added 2015/03/14 4:56 a.m. | 27 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...

CVSS: 4.6 | AI score: 6.5 | EPSS: 0.00336
Exploits: 0 | References: 1

Cisco
added 2015/02/20 4:30 p.m. | 27 views

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.02317
Exploits: 0 | References: 1

Cisco
added 2015/02/19 5:11 p.m. | 27 views

Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability

A vulnerability in the application programming interface (API) that supports the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access the contents of arbitrary files on an affected device. The vulnerability is due to a failur...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.08439
Exploits: 0 | References: 1

Cisco
added 2015/02/17 3:33 p.m. | 27 views

Cisco ASR 5000 System Architecture Evolution Gateway High CPU Utilization Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause high CPU utilization and the SNMP process may stop responding. The vulnerability is due to insufficient validati...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01553
Exploits: 0 | References: 1

Cisco
added 2015/02/10 5:1 p.m. | 27 views

Cisco IOS Shell Denial of Service Vulnerability

A vulnerability in the Cisco IOS Shell could allow an authenticated, but unprivileged, local user to crash the device. The vulnerability is due to improper processing of IOS Shell commands. An attacker could repeatedly exploit this vulnerability to cause an extended denial of service. Cisco has...

CVSS: 4.6 | AI score: 6.2 | EPSS: 0.0034
Exploits: 0 | References: 1

Cisco
added 2015/01/30 9:26 p.m. | 27 views

Cisco WebEx Meetings Server User Enumeration Vulnerability

A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by submitting...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02554
Exploits: 0 | References: 1

Cisco
added 2015/01/30 4:52 p.m. | 27 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00866
Exploits: 0 | References: 1

Cisco
added 2015/01/23 10:25 p.m. | 27 views

Cisco WebEx Meetings Server User Enumeration Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01354
Exploits: 0 | References: 1

Cisco
added 2015/01/15 10:31 p.m. | 27 views

Cisco WebEx Meetings Server Password Encryption Vulnerability

A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these...

CVSS: 4 | AI score: 6.3 | EPSS: 0.01094
Exploits: 0 | References: 1

Cisco
added 2015/01/15 5:54 p.m. | 27 views

Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability

A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.01023
Exploits: 0 | References: 1

Cisco
added 2014/11/03 6:13 p.m. | 27 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input...

CVSS: 4 | AI score: 7 | EPSS: 0.01558
Exploits: 0 | References: 1

Cisco
added 2014/10/15 9:18 p.m. | 27 views

Cisco Prime Optical Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Optical could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of a parameter. An attacker could exploit this vulnerability by persuading a...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.01274
Exploits: 0 | References: 1

Cisco
added 2014/10/15 4:0 p.m. | 27 views

Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.03784
Exploits: 0 | References: 1

Cisco
added 2014/09/09 2:17 p.m. | 27 views

Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.022
Exploits: 0 | References: 1

Cisco
added 2014/08/06 4:0 p.m. | 27 views

Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability

A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.03283
Exploits: 0 | References: 1

Cisco
added 2014/07/28 8:3 p.m. | 27 views

Cisco Unified Presence Server Sync Agent Vulnerability

A vulnerability in the Intercluster Sync Agent Service on Cisco Unified Presence Server could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to a SYN flood. An attacker could exploit this vulnerability by exceeding the tcp max...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0297
Exploits: 0 | References: 1

Cisco
added 2014/07/09 2:4 p.m. | 27 views

Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability

A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time. The...

CVSS: 5 | AI score: 6.4 | EPSS: 0.02112
Exploits: 0 | References: 1

Cisco
added 2014/06/11 9:19 p.m. | 27 views

Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meeting Server could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing application URL requests that contain the...

CVSS: 4 | AI score: 6.1 | EPSS: 0.0138
Exploits: 0 | References: 1

Cisco
added 2014/05/07 3:17 p.m. | 27 views

Cisco Adaptive Security Appliance Information Disclosure Vulnerability

A vulnerability in the authorization code of Cisco ASA Software could allow an authenticated, remote attacker to access information stored on the file system of an affected system. The vulnerability is due to improper implementation of authorization controls when an unprivileged user tries to...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.01123
Exploits: 0 | References: 1

Cisco
added 2014/04/29 6:32 p.m. | 27 views

Cisco Unified Communications Manager CDR Management Vulnerability

A vulnerability in Call Detail Records (CDR) Management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to extraneous information included in the web page. An attacker could exploit thi...

CVSS: 4 | AI score: 6.1 | EPSS: 0.00947
Exploits: 0 | References: 1

Cisco
added 2014/03/18 4:0 p.m. | 27 views

Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability

A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.14029
Exploits: 0 | References: 1

Cisco
added 2014/02/26 4:38 p.m. | 27 views

Cisco Unified Communications Manager OS Administration CSRF Vulnerability

A vulnerability in the OS Administration page of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the OS Administration web interface. The vulnerability is due to insufficient CSRF...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00982
Exploits: 0 | References: 1

Cisco
added 2014/01/07 8:43 p.m. | 27 views

Cisco Unified Communications Manager Role Bypass Vulnerability

A vulnerability in the administration portal of Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to bypass role restrictions. The vulnerability is due to insufficient role restriction processing. An attacker could exploit this vulnerability by revisiti...

CVSS: 4 | AI score: 6.5 | EPSS: 0.02133
Exploits: 0 | References: 1

Cisco
added 2014/01/06 9:54 p.m. | 27 views

Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) functionality of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause all BGP sessions on the device to reset. The vulnerability is due to the improper processing of specifically crafted BGP update messages. An attacker...

CVSS: 4.3 | AI score: 2.2 | EPSS: 0.02833
Exploits: 0 | References: 1

Cisco
added 2013/12/03 10:26 p.m. | 27 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the TLS/SSLv3 module of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper validation of the TLS/SSLv3 packets. An attacker could exploit this vulnerability by sending a...

CVSS: 4.3 | AI score: 2 | EPSS: 0.01346
Exploits: 0 | References: 1

Cisco
added 2013/12/03 9:35 p.m. | 27 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the Assurance component of Cisco Prime Collaboration could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface of the affected system. The vulnerability is due to insufficient validation of user...

CVSS: 4.3 | AI score: 1.3 | EPSS: 0.02082
Exploits: 0 | References: 1

Cisco
added 2013/10/23 4:37 p.m. | 27 views

Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination o...

CVSS: 5 | AI score: 0.4 | EPSS: 0.01328
Exploits: 0 | References: 1

Cisco
added 2013/10/21 4:24 p.m. | 27 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...

CVSS: 4.6 | AI score: 1.8 | EPSS: 0.00262
Exploits: 0 | References: 1

Cisco
added 2013/10/18 2:47 p.m. | 27 views

Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...

CVSS: 4.3 | AI score: 2.5 | EPSS: 0.00527
Exploits: 0 | References: 1

Cisco
added 2013/10/17 3:30 p.m. | 27 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

CVSS: 4.6 | AI score: 2.2 | EPSS: 0.00302
Exploits: 0 | References: 1

Cisco
added 2013/10/17 3:25 p.m. | 27 views

Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability

A vulnerability in the Baseboard Management Controller (BMC) of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is due to improper filtering of user-supplied...

CVSS: 6.8 | AI score: 2.7 | EPSS: 0.00328
Exploits: 0 | References: 1

Cisco
added 2013/10/07 6:20 p.m. | 27 views

Cisco NX-OS Software Information Disclosure Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...

CVSS: 4 | AI score: 2.2 | EPSS: 0.02112
Exploits: 0 | References: 1

Cisco
added 2013/10/03 12:40 p.m. | 27 views

Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability

A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...

CVSS: 6.8 | AI score: 3 | EPSS: 0.00346
Exploits: 0 | References: 1

Cisco
added 2013/10/02 7:39 p.m. | 27 views

Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability

A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...

CVSS: 6.8 | AI score: 3 | EPSS: 0.00346
Exploits: 0 | References: 1

Cisco
added 2013/10/01 5:9 p.m. | 27 views

Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability

A vulnerability in the Baseboard Management Controller (BMC) local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...

CVSS: 6.2 | AI score: 1.9 | EPSS: 0.00302
Exploits: 0 | References: 1

Cisco
added 2013/09/27 2:4 a.m. | 27 views

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

CVSS: 4.8 | AI score: 1.6 | EPSS: 0.00595
Exploits: 0 | References: 1

Cisco
added 2013/09/26 8:28 p.m. | 27 views

Cisco Unified Computing System Arbitrary Command Execution Vulnerability

A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...

CVSS: 6.5 | AI score: 2.9 | EPSS: 0.00357
Exploits: 0 | References: 1

Cisco
added 2013/09/20 7:31 p.m. | 27 views

Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities

A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...

CVSS: 4.3 | AI score: 2 | EPSS: 0.01773
Exploits: 0 | References: 1

Cisco
added 2013/09/05 4:0 p.m. | 27 views

Cisco Jabber for Windows Certificate Validation Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this...

CVSS: 4.3 | AI score: 1.4 | EPSS: 0.00477
Exploits: 0 | References: 1

Cisco
added 2013/08/29 7:40 p.m. | 27 views

Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability

A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...

CVSS: 5 | AI score: 2.9 | EPSS: 0.02995
Exploits: 0 | References: 1

Cisco
added 2013/08/28 7:57 p.m. | 27 views

Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability

A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...

CVSS: 5.4 | AI score: 0.3 | EPSS: 0.03172
Exploits: 0 | References: 1

Cisco
added 2013/07/31 4:0 p.m. | 27 views

Cisco WAAS Central Manager Remote Code Execution Vulnerability

Cisco Wide Area Application Services (WAAS), when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that...

CVSS: 10 | AI score: 7.4 | EPSS: 0.06002
Exploits: 0 | References: 1

Cisco
added 2013/07/17 4:17 p.m. | 27 views

Cisco Unified Communications Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.00329
Exploits: 0 | References: 1

Cisco
added 2013/07/17 2:39 p.m. | 27 views

Cisco 9900 Series Phone Arbitrary File Download Vulnerability

A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...

CVSS: 5 | AI score: 2.6 | EPSS: 0.01187
Exploits: 0 | References: 1

Cisco
added 2013/06/12 2:29 p.m. | 27 views

Cisco Hosted Collaboration Mediation Excessive CPU Utilization Vulnerability

A vulnerability in the network stack of Cisco Hosted Collaboration Mediation could allow an unauthenticated, remote attacker to cause excessive CPU utilization on the affected system. The vulnerability is due to insufficient optimization of resources when the affected system is flooded with...

CVSS: 5 | AI score: 1.5 | EPSS: 0.01232
Exploits: 0 | References: 1

Cisco
added 2013/05/06 7:56 p.m. | 27 views

Cisco Wireless LAN Controller Telnet Denial of Service Vulnerability

A vulnerability in Cisco Wireless LAN Controller Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for remote login Telnet sessions. The vulnerability is due to improper cleanup of incorrectly terminated remote login sessions. An exploit could...

CVSS: 5 | AI score: 1.9 | EPSS: 0.01232
Exploits: 0 | References: 1

Cisco
added 2013/04/18 2:22 p.m. | 27 views

Cisco ASA Software VPN Group Enumeration Vulnerability

A vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...

CVSS: 5 | AI score: 1.4 | EPSS: 0.01174
Exploits: 1 | References: 1

Cisco
added 2013/03/27 4:0 p.m. | 27 views

Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability

Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.01328
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000