5224 matches found
Cisco Unified Computing System Arbitrary Command Execution Vulnerability
A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...
Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities
A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified MeetingPlace Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could...
Cisco Jabber for Windows Certificate Validation Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer SSL. An attacker could exploit this...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol RIP process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
Cisco 9900 Series Phone Arbitrary File Download Vulnerability
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...
Cisco Hosted Collaboration Mediation Excessive CPU Utilization Vulnerability
A vulnerability in the network stack of Cisco Hosted Collaboration Mediation could allow an unauthenticated, remote attacker to cause excessive CPU utilization on the affected system. The vulnerability is due to insufficient optimization of resources when the affected system is flooded with...
Cisco Wireless LAN Controller Telnet Denial of Service Vulnerability
A vulnerability in Cisco Wireless LAN Controller Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition for remote login Telnet sessions. The vulnerability is due to improper cleanup of incorrectly terminated remote login sessions. An exploit could...
Cisco ASA Software VPN Group Enumeration Vulnerability
A vulnerability in the Internet Security Association and Key Management Protocol ISAKMP implementation in Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol SIP messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...
Cisco Unity Connection Memory Leak Denial of Service Vulnerability
Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit...
Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability
Cisco Nexus 7000 M1-Series Modules contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incorrect handling of crafted packets processed by the affected software. An unauthenticated, remote attacker cou...
Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
Cisco Prime Data Center Network Manager DCNM contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released software updates that address this...
Cisco NX-OS FCIP Remote Denial of Service Vulnerability
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit...
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Cisco TelePresence Endpoint devices contain the following vulnerabilities: Cisco TelePresence API Remote Command Execution Vulnerability Cisco TelePresence Remote Command Execution Vulnerability Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability Exploitation of the AP...
Cisco Unified Communications Manager Directory Traversal Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS Software Crafted IPv6 over MPLS Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS on a targeted device. The vulnerability is due to the processing of IP version 6 IPv6 packets by the vulnerable version of software on an affected device. If an...
Cisco Unified Communications Manager Memory Leak Vulnerability
Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol SIP messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software update...
Cisco Content Services Gateway Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS XR Software Border Gateway Protocol Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco uBR10012 Series Devices SNMP Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Building Broadband Service Manager Cross-Site Scripting Vulnerability
Cisco Building Broadband Service Manager BBSM 5.3 SP2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists due to an input validation error in certain web pages associated with the BBSM web...
Cisco Unified IP Phone Extension Mobility Monitoring Vulnerability
Cisco Unified IP Phone devices contain a vulnerability that could allow an authenticated, remote attacker to eavesdrop on ongoing conversations around an affected device, potentially resulting in a disclosure of sensitive information. The vulnerability exists due to insecure handling of the...
Multiple Vulnerabilities in Firewall Services Module
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Web-based Management Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability
Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.22.1 contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system. The vulnerability exists...
Cisco IOS VTP Malformed Version Denial of Service Vulnerability
Cisco IOS contains a vulnerability in the VLAN Trunking Protocol VTP that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability exists because the VTP feature in several versions of Cisco IOS software does not properly handle malformed packe...
Access Point Web-browser Interface Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Call Manager Denial of Service
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition. Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Teln...
Cisco CallManager Memory Handling Vulnerabilities
...
Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
...
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial...
Cisco IOS XE Software Secure Boot Bypass Vulnerabilities
Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due...
Cisco Catalyst Center Unauthenticated API Access Vulnerability
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, an attacker must have valid ISE administrative credentials. These...
Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability
A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due...
Cisco DNA Center API Insufficient Access Control Vulnerability
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...
Cisco Identity Services Engine Arbitrary File Download Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
Cisco Network Services Orchestrator Path Traversal Vulnerability
A vulnerability in the RESTCONF and NETCONF services of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of th...
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this...
Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker cou...
Cisco AppDynamics Controller Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...
Cisco Webex Meetings Email Content Injection Vulnerability
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...
Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit th...