Lucene search
Cisco | Most viewed

5226 matches found

Cisco
added 2020/07/29 4:0 p.m. | 24 views

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

CVSS 9.9 | AI score 9.7 | EPSS 0.01917
Exploits: 0 | References: 1
Cisco
added 2020/06/03 4:0 p.m. | 24 views

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell comman...

CVSS 8.8 | AI score 3.3 | EPSS 0.0095
Exploits: 0 | References: 1
Cisco
added 2020/05/20 4:0 p.m. | 24 views

Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerabili...

CVSS 6.1 | AI score 1.2 | EPSS 0.00564
Exploits: 0 | References: 1
Cisco
added 2020/04/15 4:0 p.m. | 24 views

Cisco Unified Communications Manager Path Traversal Vulnerability

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The...

CVSS 7.5 | AI score 2.6 | EPSS 0.02799
Exploits: 0 | References: 1
Cisco
added 2020/01/22 4:0 p.m. | 24 views

Cisco SD-WAN Solution Local Privilege Escalation Vulnerability

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 8.8 | AI score 2.4 | EPSS 0.00333
Exploits: 0 | References: 1
Cisco
added 2020/01/22 4:0 p.m. | 24 views

Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling...

CVSS 9.8 | AI score 9.9 | EPSS 0.0335
Exploits: 0 | References: 1
Cisco
added 2020/01/22 4:0 p.m. | 24 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...

CVSS 5.8 | AI score 1.7 | EPSS 0.01378
Exploits: 0 | References: 1
Cisco
added 2020/01/22 4:0 p.m. | 24 views

Cisco SD-WAN Solution SQL Injection Vulnerability

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 6.4 | AI score 2.3 | EPSS 0.00725
Exploits: 0 | References: 1
Cisco
added 2018/02/07 4:0 p.m. | 24 views

Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

CVSS 6.1 | AI score 1.6 | EPSS 0.00885
Exploits: 0 | References: 1
Cisco
added 2018/02/07 4:0 p.m. | 24 views

Cisco Prime Network TCP Denial of Service Vulnerability

A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could explo...

CVSS 5.8 | AI score 1.6 | EPSS 0.01619
Exploits: 0 | References: 1
Cisco
added 2017/09/27 4:0 p.m. | 24 views

Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE Software could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the...

CVSS 8.3 | AI score 9.7 | EPSS 0.03122
Exploits: 0 | References: 1
Cisco
added 2017/09/06 4:0 p.m. | 24 views

Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker coul...

CVSS 6.5 | AI score 6.5 | EPSS 0.01921
Exploits: 0 | References: 1
Cisco
added 2017/08/16 4:0 p.m. | 24 views

Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...

CVSS 4.3 | AI score 4.5 | EPSS 0.00941
Exploits: 0 | References: 1
Cisco
added 2017/07/05 4:0 p.m. | 24 views

Cisco IOS XR Software Incorrect Permissions Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this...

CVSS 6.7 | AI score 7.3 | EPSS 0.00318
Exploits: 0 | References: 1
Cisco
added 2017/06/21 4:0 p.m. | 24 views

Cisco IOS XR Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect permission settings on binary files in the affected software. An attacker could exploit this vulnerability by sending...

CVSS 6.7 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 1
Cisco
added 2017/06/21 4:0 p.m. | 24 views

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.7 | AI score 6.1 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco
added 2017/06/07 4:0 p.m. | 24 views

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 6.3 | AI score 8.9 | EPSS 0.00797
Exploits: 0 | References: 1
Cisco
added 2017/06/07 4:0 p.m. | 24 views

Cisco Elastic Services Controller Information Disclosure Vulnerability

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could...

CVSS 4.3 | AI score 6.5 | EPSS 0.01203
Exploits: 0 | References: 1
Cisco
added 2017/06/07 4:0 p.m. | 24 views

Cisco Ultra Services Framework Staging Server Insecure Default Credentials Vulnerability

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device. The vulnerability is due to weak, hard-coded credentials of the admin user present on the affecte...

CVSS 6.3 | AI score 8.7 | EPSS 0.01499
Exploits: 0 | References: 1
Cisco
added 2017/05/03 4:0 p.m. | 24 views

Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an...

CVSS 5.3 | AI score 5.2 | EPSS 0.02301
Exploits: 0 | References: 1
Cisco
added 2017/04/05 4:0 p.m. | 25 views

Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this...

CVSS 8.6 | AI score 7.6 | EPSS 0.03048
Exploits: 0 | References: 1
Cisco
added 2017/04/05 4:0 p.m. | 24 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

CVSS 4.1 | AI score 5.4 | EPSS 0.01177
Exploits: 0 | References: 1
Cisco
added 2017/04/05 4:0 p.m. | 24 views

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. The vulnerability...

CVSS 6.8 | AI score 5.8 | EPSS 0.01473
Exploits: 0 | References: 1
Cisco
added 2017/03/15 4:0 p.m. | 24 views

Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of the Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

CVSS 6.1 | AI score 6.1 | EPSS 0.01228
Exploits: 0 | References: 1
Cisco
added 2017/02/15 4:0 p.m. | 24 views

Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. The vulnerability is due to improper masking of sensitive data in...

CVSS 5.3 | AI score 5.1 | EPSS 0.01318
Exploits: 0 | References: 1
Cisco
added 2017/02/01 4:0 p.m. | 24 views

Cisco cBR Series Converged Broadband Routers List Headers Denial of Service Vulnerability

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to memory corruption. An attacker could exploit...

CVSS 6.8 | AI score 6.7 | EPSS 0.02078
Exploits: 0 | References: 1
Cisco
added 2017/01/18 4:0 p.m. | 24 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this...

CVSS 5.3 | AI score 5.2 | EPSS 0.01584
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 24 views

Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. The vulnerability is due to insufficient client-side validation checks. An attacker could...

CVSS 5 | AI score 7.6 | EPSS 0.03011
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 24 views

Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. The vulnerability is due to a logic processing error that exis...

CVSS 4.3 | AI score 5.8 | EPSS 0.01221
Exploits: 0 | References: 1
Cisco
added 2016/10/05 4:0 p.m. | 24 views

Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

CVSS 4.3 | AI score 8.9 | EPSS 0.00629
Exploits: 0 | References: 1
Cisco
added 2016/09/28 4:0 p.m. | 24 views

Cisco IOS XR Software Open Shortest Path First Link State Advertisement Denial of Service Vulnerability

A vulnerability in the implementation of Open Shortest Path First (OSPF) Link State Advertisement (LSA) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a memory error in OSPF. An attacker...

CVSS 5 | AI score 5.4 | EPSS 0.01599
Exploits: 0 | References: 1
Cisco
added 2016/09/28 4:0 p.m. | 24 views

Cisco Videoscape Distribution Suite Service Manager Reflective Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Videoscape Distribution Suite Service Manager (VDS-SM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 4.3 | AI score 6.1 | EPSS 0.00853
Exploits: 0 | References: 1
Cisco
added 2016/09/28 4:0 p.m. | 24 views

Cisco IOS XE Software NAT Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. ...

CVSS 7.8 | AI score 7.8 | EPSS 0.01939
Exploits: 0 | References: 1
Cisco
added 2016/09/21 4:0 p.m. | 24 views

Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability

A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to incorrect installation and permissions settings for binary files when installin...

CVSS 6.8 | AI score 7.8 | EPSS 0.00327
Exploits: 0 | References: 1
Cisco
added 2016/09/07 4:0 p.m. | 24 views

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 4 | AI score 5.3 | EPSS 0.01104
Exploits: 0 | References: 1
Cisco
added 2016/08/17 4:0 p.m. | 24 views

Cisco IP Phone 8800 Series Denial of Service Vulnerability

A vulnerability in the web server of the Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this...

CVSS 5 | AI score 7.8 | EPSS 0.02997
Exploits: 0 | References: 1
Cisco
added 2016/08/17 4:0 p.m. | 24 views

Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability

A vulnerability in the 802.11 wireless LAN protocol for Cisco Access Point (AP) platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to rate limiting of 802.11 traffic. An attacker could...

CVSS 6.1 | AI score 6.5 | EPSS 0.0112
Exploits: 0 | References: 1
Cisco
added 2016/06/22 1:30 p.m. | 24 views

Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Contact Center Enterprise Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.00765
Exploits: 0 | References: 1
Cisco
added 2016/05/04 4:0 p.m. | 24 views

Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability

A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper packet...

CVSS 7.8 | AI score 7.6 | EPSS 0.01649
Exploits: 0 | References: 1
Cisco
added 2016/02/16 10:0 p.m. | 24 views

Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) BRIDGE Management Information Base (MIB) of the Cisco 1000 Series Connected Grid Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a faulty implementation of...

CVSS 6.8 | AI score 6.4 | EPSS 0.01643
Exploits: 0 | References: 1
Cisco
added 2016/02/10 10:0 p.m. | 24 views

Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to missing authorization checks on certain administrative pages. An...

CVSS 5 | AI score 5.4 | EPSS 0.01265
Exploits: 0 | References: 1
Cisco
added 2016/02/08 2:0 p.m. | 24 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...

CVSS 4 | AI score 4.5 | EPSS 0.01167
Exploits: 0 | References: 1
Cisco
added 2016/02/03 4:0 p.m. | 24 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC...

CVSS 8.5 | AI score 8.7 | EPSS 0.0216
Exploits: 0 | References: 1
Cisco
added 2016/01/13 4:0 p.m. | 24 views

Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability

A vulnerability in Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to log in to the device by using a default account that has a static password. By default, the account does not have full administrative privileges. The vulnerability is due to the...

CVSS 7.5 | AI score 7.5 | EPSS 0.01394
Exploits: 0 | References: 1
Cisco
added 2015/12/18 8:0 a.m. | 24 views

Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange (IKEv1) state machine of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to tear down valid IPsec connections, resulting in a partial denial of service (DoS) condition. The vulnerability is due to insufficient condition...

CVSS 5 | AI score 6.3 | EPSS 0.01744
Exploits: 0 | References: 1
Cisco
added 2015/12/09 8:0 p.m. | 24 views

Cisco Unity Connection Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to...

CVSS 4.3 | AI score 7.1 | EPSS 0.00981
Exploits: 0 | References: 1
Cisco
added 2015/10/28 7:30 p.m. | 24 views

Cisco Prime Service Catalog SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...

CVSS 4 | AI score 7.3 | EPSS 0.01361
Exploits: 0 | References: 1
Cisco
added 2015/10/21 4:0 p.m. | 24 views

Cisco ASA Software DNS Denial of Service Vulnerability

A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a reques...

CVSS 7.1 | AI score 6.5 | EPSS 0.02774
Exploits: 0 | References: 1
Cisco
added 2015/10/08 8:10 p.m. | 24 views

Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit thi...

CVSS 6.8 | AI score 6.8 | EPSS 0.01885
Exploits: 0 | References: 1
Cisco
added 2015/09/16 4:8 p.m. | 24 views

Cisco Nexus 9000 Series Switches Reserved VLAN Number Vulnerability

A vulnerability in the handling of incoming Layer 2 packets tagged with a Cisco Nexus 9000 Series Switch (N9K) reserved VLAN number could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition due to increased CPU utilization and possible control plane...

CVSS 4.8 | AI score 5.9 | EPSS 0.0078
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5000