
5226 matches found

Cisco | added 2015/10/19 10:0 a.m. | 25 views

Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability

A vulnerability in the policy code of Cisco FireSIGHT Management Center for VMware could allow an authenticated, remote attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An...

CVSS 4 | AI score 6.9 | EPSS 0.02745 | Exploits 0 | References 1

Cisco | added 2015/10/12 10:0 p.m. | 25 views

Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability

A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploi...

CVSS 4.3 | AI score 6.3 | EPSS 0.00364 | Exploits 0 | References 1

Cisco | added 2015/09/16 4:0 p.m. | 25 views

Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...

CVSS 8.5 | AI score 6.4 | EPSS 0.02644 | Exploits 0 | References 1

Cisco | added 2015/08/14 6:52 p.m. | 25 views

Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability

A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol LDAP authentication of the Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...

CVSS 5.5 | AI score 6.8 | EPSS 0.01697 | Exploits 0 | References 1

Cisco | added 2015/08/13 9:34 p.m. | 25 views

Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...

CVSS 5.5 | AI score 6.5 | EPSS 0.02456 | Exploits 0 | References 1

Cisco | added 2015/08/13 8:14 p.m. | 25 views

Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability

A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...

CVSS 6.8 | AI score 6.4 | EPSS 0.01647 | Exploits 0 | References 1

Cisco | added 2015/07/30 4:0 p.m. | 25 views

Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

A vulnerability in the code handling the reassembly of fragmented IP version 4 IPv4 or IP version 6 IPv6 packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor ESP...

CVSS 7.8 | AI score 6.7 | EPSS 0.01982 | Exploits 0 | References 1

Cisco | added 2015/07/27 8:54 p.m. | 25 views

Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...

CVSS 5 | AI score 6.6 | EPSS 0.0127 | Exploits 0 | References 1

Cisco | added 2015/06/25 2:43 p.m. | 25 views

Cisco Wireless LAN Controller Command Injection Vulnerability

A vulnerability in the command-line interface CLI processor of the Cisco Wireless LAN Controller WLC could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient...

CVSS 6.8 | AI score 6.8 | EPSS 0.00483 | Exploits 0 | References 1

Cisco | added 2015/06/09 1:37 p.m. | 25 views

Cisco Prime Network Control System Unauthorized Configuration Vulnerability

A vulnerability in the authentication, authorization, and accounting AAA user roles of the Cisco Prime Network Control System NCS network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...

CVSS 5.5 | AI score 6.6 | EPSS 0.02086 | Exploits 0 | References 1

Cisco | added 2015/05/27 4:8 p.m. | 25 views

Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Email Interaction Manager EIM and Cisco Unified Web Interaction Manager WIM interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...

CVSS 5 | AI score 7.1 | EPSS 0.01847 | Exploits 0 | References 1

Cisco | added 2015/05/22 4:7 p.m. | 25 views

Cisco Unified Communications Manager Multiple Vulnerabilities

Multiple vulnerabilities in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS, cross-site request forgery XSRF, and phishing attacks on the affected software. The vulnerabilities are due to improper input validation of certain...

CVSS 4.3 | AI score 6.6 | EPSS 0.00794 | Exploits 0 | References 1

Cisco | added 2015/04/28 5:23 p.m. | 25 views

Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability

A vulnerability in the Overlay Transport Virtualization OTV processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of oversized OTV frames passing through an affected...

CVSS 5.7 | AI score 6.5 | EPSS 0.00721 | Exploits 0 | References 1

Cisco | added 2015/04/22 3:31 p.m. | 25 views

Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...

CVSS 4.3 | AI score 6.2 | EPSS 0.01096 | Exploits 0 | References 1

Cisco | added 2015/04/14 7:23 p.m. | 25 views

Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability

A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...

CVSS 4.3 | AI score 6.6 | EPSS 0.01869 | Exploits 0 | References 1

Cisco | added 2015/04/02 8:1 p.m. | 25 views

Cisco Nexus 9000 Series Denial of Service Vulnerability

A vulnerability in the SNMP subsystem of Cisco Nexus 9000 software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability occurs when the High Availability HA policy is set to Reset in the affected software. An authenticated, remote attacker...

CVSS 6.8 | AI score 6.4 | EPSS 0.01329 | Exploits 0 | References 1

Cisco | added 2015/03/02 9:4 p.m. | 25 views

Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...

CVSS 4.3 | AI score 5.9 | EPSS 0.01773 | Exploits 0 | References 1

Cisco | added 2015/02/23 11:32 p.m. | 25 views

Cisco AsyncOS Software HTTP Redirect Vulnerability

A vulnerability in the web framework of Cisco AsyncOS could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a malicious website. The vulnerability is due to insufficient validation of user input before it is used as an HTTP head...

CVSS 4.3 | AI score 6.3 | EPSS 0.02157 | Exploits 3 | References 1

Cisco | added 2015/01/28 4:0 p.m. | 25 views

Cisco Prime Service Catalog XML External Entity Processing Vulnerability

A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...

CVSS 7 | AI score 6.4 | EPSS 0.02371 | Exploits 0 | References 1

Cisco | added 2015/01/28 2:16 p.m. | 25 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation on several web...

CVSS 4.3 | AI score 5.5 | EPSS 0.01792 | Exploits 0 | References 1

Cisco | added 2015/01/15 11:5 p.m. | 25 views

Cisco Secure Access Control Server Privilege Escalation Vulnerability

A vulnerability in role-based access control in Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to take actions with an elevated authorization level. The vulnerability is due to improper privilege validation. An attacker could exploit the vulnerability by...

CVSS 6.5 | AI score 6.7 | EPSS 0.01633 | Exploits 0 | References 1

Cisco | added 2015/01/14 9:30 p.m. | 25 views

Cisco MDS 9000 Series Denial of Service Vulnerability

A vulnerability in the high availability HA subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of device DoS condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVSS 5 | AI score 6.5 | EPSS 0.02973 | Exploits 0 | References 1

Cisco | added 2015/01/07 10:46 p.m. | 25 views

Cisco Jabber Guest Server Cross-Site Scripting Vulnerability

Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS 4.3 | AI score 5.7 | EPSS 0.01792 | Exploits 0 | References 1

Cisco | added 2014/11/19 5:6 p.m. | 25 views

Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...

CVSS 5 | AI score 6.4 | EPSS 0.02255 | Exploits 0 | References 1

Cisco | added 2014/11/03 8:21 p.m. | 25 views

Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in the CCM Service interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerabilit...

CVSS 4.3 | AI score 5.7 | EPSS 0.01951 | Exploits 0 | References 1

Cisco | added 2014/11/03 6:30 p.m. | 25 views

Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in the CCM admin interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability ...

CVSS 4.3 | AI score 5.6 | EPSS 0.01951 | Exploits 0 | References 1

Cisco | added 2014/11/03 6:17 p.m. | 25 views

Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in the CCM Dialed Number Analyzer interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. T...

CVSS 4.3 | AI score 5.6 | EPSS 0.01951 | Exploits 0 | References 1

Cisco | added 2014/10/27 2:50 p.m. | 25 views

Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability

A vulnerability in Internet Protocol version 4 IPv4 packet processing of the Cisco ASR901 could allow an unauthenticated, remote attacker to flood packets to the ASR901 CPU. The vulnerability is due to punting crafted IPv4 packets to the CPU for processing. An attacker could exploit this...

CVSS 5 | AI score 6.5 | EPSS 0.01735 | Exploits 0 | References 1

Cisco | added 2014/08/25 8:30 p.m. | 25 views

Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability

A vulnerability in the packet parsing code of Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor NP chip and a line card processing traffic. The vulnerability is due ...

CVSS 4.6 | AI score 6.3 | EPSS 0.01109 | Exploits 0 | References 1

Cisco | added 2014/08/18 10:26 p.m. | 25 views

Cisco NX-OS Software SNMP Information Disclosure Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An...

CVSS 5 | AI score 6.2 | EPSS 0.04662 | Exploits 0 | References 1

Cisco | added 2014/07/29 6:36 p.m. | 25 views

Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability

A vulnerability in the web based administration interface of the Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against the user of a web interface. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 5.6 | EPSS 0.01372 | Exploits 0 | References 1

Cisco | added 2014/07/28 8:9 p.m. | 25 views

Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against the user of the web interface. The issue is due to insufficient input validation of parameters by the web...

CVSS 4.3 | AI score 5.5 | EPSS 0.0217 | Exploits 0 | References 1

Cisco | added 2014/07/28 8:0 p.m. | 25 views

Cisco WebEx Meetings Server User Enumeration Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...

CVSS 5 | AI score 6.3 | EPSS 0.01652 | Exploits 0 | References 1

Cisco | added 2014/07/16 4:0 p.m. | 25 views

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...

CVSS 10 | AI score 7.5 | EPSS 0.06955 | Exploits 0 | References 1

Cisco | added 2014/07/10 2:16 p.m. | 25 views

Cisco Unified Communications Manager DNA Path Traversal Vulnerability

A vulnerability in the /dna/viewfilecontents.do URL of the Cisco Unified Communications Manager Dialed Number Analyzer DNA could allow an authenticated, remote attacker to view files from specific locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker...

CVSS 4 | AI score 6.4 | EPSS 0.02984 | Exploits 0 | References 1

Cisco | added 2014/05/07 4:0 p.m. | 25 views

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format WRF and Advanced Recording Format ARF Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute...

CVSS 9.3 | AI score 7.7 | EPSS 0.03831 | Exploits 0 | References 1

Cisco | added 2014/02/27 10:31 p.m. | 25 views

Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability

A vulnerability in the disaster recovery system DRS of Cisco Unified Contact Center Express Cisco Unified CCX could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An...

CVSS 4 | AI score 6.2 | EPSS 0.01318 | Exploits 0 | References 1

Cisco | added 2014/02/26 5:2 p.m. | 25 views

Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability

A vulnerability in the Certificate Authority Proxy Function CAPF command-line interface CLI of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to inject commands into the underlying operating system. The vulnerability is due to insufficient input...

CVSS 6.8 | AI score 6.3 | EPSS 0.00251 | Exploits 0 | References 1

Cisco | added 2014/01/10 9:10 p.m. | 25 views

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 5.6 | EPSS 0.01488 | Exploits 0 | References 1

Cisco | added 2014/01/09 4:50 p.m. | 25 views

Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability

A vulnerability in RADIUS message processing of Cisco Context Directory Agent CDA could allow an unauthenticated, remote attacker to affect the contents of the CDA cache. The vulnerability is due to insufficient validation of RADIUS accounting messages. An attacker could exploit this vulnerabilit...

CVSS 4.3 | AI score 6.4 | EPSS 0.02271 | Exploits 0 | References 1

Cisco | added 2014/01/03 9:50 p.m. | 25 views

Cisco Unified Presence Server SQL Injection Vulnerability

A vulnerability in the web interface of Cisco Unified Presence Server could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied...

CVSS 6.5 | AI score 2.4 | EPSS 0.02105 | Exploits 1 | References 1

Cisco | added 2013/11/13 3:20 p.m. | 25 views

Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability

A vulnerability in Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971, and Cisco Unified IP Phone 8961 could allow an authenticated, local attacker to fully compromise the affected device. The vulnerability is due to insecure file permissions on memory block devices. An attacker could explo...

CVSS 6.8 | AI score 1.1 | EPSS 0.00283 | Exploits 0 | References 1

Cisco | added 2013/11/13 2:59 p.m. | 25 views

Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability

A vulnerability in the IP version 6 IPv6 packet handling routine of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to stop responding to neighbor solicitation NS requests, causing a limited denial of service DoS condition. The vulnerability is due to...

CVSS 6.1 | AI score 2.1 | EPSS 0.00739 | Exploits 0 | References 1

Cisco | added 2013/11/11 7:30 p.m. | 25 views

Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability

A vulnerability in the phone proxy feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to temporarily insert an invalid entry in the phone proxy connection database. The vulnerability is due to the acceptance of an untrusted certificate. An attacke...

CVSS 5 | AI score 1.7 | EPSS 0.00748 | Exploits 0 | References 1

Cisco | added 2013/11/06 4:0 p.m. | 25 views

Cisco WAAS Mobile Remote Code Execution Vulnerability

Cisco Wide Area Application Services WAAS Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services IIS web server. Cisco has released software...

CVSS 7.5 | AI score 7.3 | EPSS 0.02023 | Exploits 0 | References 1

Cisco | added 2013/10/30 4:55 p.m. | 25 views

Cisco Adaptive Security Appliance Software Clientless SSL VPN Rewriter Denial of Service Vulnerability

A vulnerability in the clientless SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to a stack overflow while browsing internal resources via the clientless SSL VPN portal...

CVSS 6.8 | AI score 2.9 | EPSS 0.00972 | Exploits 0 | References 1

Cisco | added 2013/10/23 4:31 p.m. | 25 views

Cisco Secure Access Control System Distributed Deployment Denial of Service Vulnerability

A vulnerability in the firewall modules of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to cause certain internal processes to crash. The vulnerability is due to improper implementation of the firewall rule to limit incoming packets. An attacker could...

CVSS 5 | AI score 2.9 | EPSS 0.01497 | Exploits 0 | References 1

Cisco | added 2013/10/18 2:41 p.m. | 25 views

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...

CVSS 4.3 | AI score 2.1 | EPSS 0.01119 | Exploits 0 | References 1

Cisco | added 2013/10/09 3:43 p.m. | 25 views

Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3 | AI score 0.5 | EPSS 0.01216 | Exploits 0 | References 1

Cisco | added 2013/10/07 6:25 p.m. | 25 views

Cisco NX-OS Software Routing Information Protocol Denial of Service Vulnerability

A vulnerability in the Routing Information Protocol RIP service engine of Cisco NX-OS Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition by causing the RIP service engine to restart. The vulnerability is due to improper input filtering of RIP...

CVSS 5 | AI score 1.9 | EPSS 0.02999 | Exploits 0 | References 1

Total number of security vulnerabilities: 5000