Cisco: most viewed

5226 matches found

Cisco
added 2015/09/22 8:5 p.m. | 23 views

Cisco TelePresence Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

CVSS 4.3 | AI score 6.6 | EPSS 0.00996
Exploits 0 | References 1

Cisco
added 2015/09/16 4:0 p.m. | 23 views

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance

Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...

CVSS 9 | AI score 6.4 | EPSS 0.02644
Exploits 0 | References 1

Cisco
added 2015/08/13 9:13 p.m. | 23 views

Cisco TelePresence Video Communication Server Expressway Access Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access (MRA) endpoint. The vulnerability is due to insufficient validation of the registering phone line. An attacker coul...

CVSS 4.9 | AI score 6.4 | EPSS 0.01889
Exploits 0 | References 1

Cisco
added 2015/08/13 8:14 p.m. | 23 views

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...

CVSS 4 | AI score 5.9 | EPSS 0.01648
Exploits 0 | References 1

Cisco
added 2015/08/13 8:14 p.m. | 23 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed authentication messages. An attacker could exploit this...

CVSS 5 | AI score 6.2 | EPSS 0.02597
Exploits 0 | References 1

Cisco
added 2015/08/13 8:14 p.m. | 23 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...

CVSS 5 | AI score 6.1 | EPSS 0.02389
Exploits 0 | References 1

Cisco
added 2015/07/30 8:7 p.m. | 23 views

Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability...

CVSS 4.3 | AI score 5.7 | EPSS 0.0136
Exploits 0 | References 1

Cisco
added 2015/07/10 1:21 p.m. | 23 views

Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence Advanced Media Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00587
Exploits 0 | References 1

Cisco
added 2015/07/01 8:38 p.m. | 23 views

Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability

A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. The vulnerability is due to improper input validation of special characters within filenames. An attacker could...

CVSS 4.3 | AI score 6.3 | EPSS 0.00425
Exploits 0 | References 1

Cisco
added 2015/06/26 5:24 p.m. | 23 views

Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system. The vulnerability is due to improper handling of RBAC...

CVSS 5.5 | AI score 6.4 | EPSS 0.01409
Exploits 0 | References 1

Cisco
added 2015/06/02 9:27 p.m. | 23 views

Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability

A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN. The vulnerability is due to improper implementation ...

CVSS 4 | AI score 6.6 | EPSS 0.02026
Exploits 0 | References 1

Cisco
added 2015/05/29 9:51 p.m. | 23 views

Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability

A vulnerability in the web-based user interface of Cisco Unified MeetingPlace could allow an authenticated, remote attacker to gain read access to select information stored on the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file...

CVSS 4 | AI score 5.9 | EPSS 0.01628
Exploits 0 | References 1

Cisco
added 2015/05/13 7:16 p.m. | 23 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability within the administrative interface of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to an affected device. An unauthenticate...

CVSS 4.3 | AI score 6.3 | EPSS 0.02162
Exploits 0 | References 1

Cisco
added 2015/04/28 3:13 p.m. | 23 views

Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability

A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Address...

CVSS 6.1 | AI score 6.2 | EPSS 0.00727
Exploits 0 | References 1

Cisco
added 2015/04/01 4:0 p.m. | 23 views

Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability

Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released software updates that address this vulnerability. Workarounds...

CVSS 7.8 | AI score 6 | EPSS 0.40608
Exploits 0 | References 1

Cisco
added 2015/03/19 8:55 p.m. | 23 views

Cisco Videoscape Distribution Suite for Internet Streaming Denial of Service Vulnerability

A vulnerability in the DNS subsystem of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) used by Cisco services routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of specific...

CVSS 5 | AI score 6.4 | EPSS 0.01497
Exploits 0 | References 1

Cisco
added 2015/01/23 8:25 p.m. | 23 views

Cisco Hosted WebEx Meeting Center Configuration Manipulation Vulnerability

A vulnerability in the Cisco Hosted WebEx Meeting Center service could allow an unauthenticated, remote attacker to enable meeting features that were explicitly disabled by the meeting organizer or site administrator. The vulnerability is due to improper checking of certain meeting parameters whe...

CVSS 5 | AI score 6.7 | EPSS 0.02049
Exploits 0 | References 1

Cisco
added 2015/01/06 9:52 p.m. | 23 views

Cisco Jabber Guest Server HTML5 Response Disclosure

A vulnerability in Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to disclose sensitive information on the targeted system. The vulnerability is due to missing encryption on sensitive data passed via HTTP GET or POST methods by the affected software. An attacker could...

CVSS 5 | AI score 6.2 | EPSS 0.01822
Exploits 0 | References 1

Cisco
added 2014/12/18 6:27 p.m. | 23 views

Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability

A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...

CVSS 5 | AI score 6.2 | EPSS 0.01218
Exploits 0 | References 1

Cisco
added 2014/12/12 4:59 p.m. | 23 views

Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software version 8 could allow an authenticated, remote attacker to inject commands that can be executed by the underlying operating system with the privileges of the web server process. The...

CVSS 6.5 | AI score 7 | EPSS 0.01499
Exploits 0 | References 1

Cisco
added 2014/10/14 6:31 p.m. | 23 views

Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability

A vulnerability in the IP logging feature of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...

CVSS 5.4 | AI score 6.3 | EPSS 0.00889
Exploits 0 | References 1

Cisco
added 2014/10/10 8:53 p.m. | 23 views

Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability

A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP). The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networki...

CVSS 4.8 | AI score 6.3 | EPSS 0.00717
Exploits 0 | References 1

Cisco
added 2014/09/08 4:0 p.m. | 23 views

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

CVSS 7.8 | AI score 6.4 | EPSS 0.02584
Exploits 0 | References 1

Cisco
added 2014/08/13 3:33 p.m. | 23 views

Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability

A vulnerability in certain pages of the administrative web interface of Cisco Unified Communications Manager (Cisco Unified CM) and Cisco Unified IM and Presence Server (formerly Cisco Unified Presence Server) could allow an authenticated, remote attacker to perform a number of different SQL injectio...

CVSS 5.5 | AI score 7.4 | EPSS 0.01541
Exploits 0 | References 1

Cisco
added 2014/07/23 6:39 p.m. | 23 views

Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability

A vulnerability in NetFlow processing in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due to...

CVSS 6.1 | AI score 6.3 | EPSS 0.01205
Exploits 0 | References 1

Cisco
added 2014/07/11 7:56 p.m. | 23 views

Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability

A vulnerability in the Java database interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input...

CVSS 4.3 | AI score 6.9 | EPSS 0.01962
Exploits 0 | References 1

Cisco
added 2014/06/13 6:31 p.m. | 23 views

Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS. The vulnerability is due to unconstrained autonomic networking...

CVSS 4.8 | AI score 6.1 | EPSS 0.01148
Exploits 0 | References 1

Cisco
added 2014/06/09 8:38 p.m. | 23 views

Cisco AsyncOS Cross-Site Scripting Vulnerability

A vulnerability in the web management interface of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...

CVSS 4.3 | AI score 5.5 | EPSS 0.02426
Exploits 4 | References 1

Cisco
added 2014/05/22 3:54 p.m. | 23 views

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

CVSS 6.5 | AI score 7.1 | EPSS 0.01558
Exploits 0 | References 1

Cisco
added 2014/05/22 2:24 p.m. | 23 views

Cisco TelePresence System Directory Information Disclosure Vulnerability

A vulnerability in the code retrieving directory information of Cisco TelePresence System (CTS) could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager (Cisco UCM). The vulnerability is d...

CVSS 4.3 | AI score 6.3 | EPSS 0.01129
Exploits 0 | References 1

Cisco
added 2014/05/19 6:54 p.m. | 23 views

Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the Cisco Unified Web and E-mail Interaction Manager web interface. The vulnerability is due to insufficient input...

CVSS 4.3 | AI score 5.6 | EPSS 0.01148
Exploits 0 | References 1

Cisco
added 2014/04/30 4:19 p.m. | 23 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...

CVSS 4.3 | AI score 6.5 | EPSS 0.0057
Exploits 0 | References 1

Cisco
added 2014/04/08 5:39 p.m. | 23 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the session termination function of the Cisco ONS 15454 Controller Cards could allow an authenticated, remote attacker to cause the control card to reset. The vulnerability is due to an uninitialized pointer. An attacker could exploit this vulnerability by closing sessions in a...

CVSS 4 | AI score 6.6 | EPSS 0.01381
Exploits 1 | References 1

Cisco
added 2014/03/19 4:40 p.m. | 23 views

Cisco Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in Java code on the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to close TCP ports used by the system. The vulnerability is due to improper packet processing in the Java code. An exploit could allow the attacker to create a denial of...

CVSS 5 | AI score 6.4 | EPSS 0.02963
Exploits 1 | References 1

Cisco
added 2014/02/25 11:4 p.m. | 23 views

Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability

A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to change information related to registered devices. The vulnerability is due to insufficient authentication enforcement. An...

CVSS 5 | AI score 6.5 | EPSS 0.0138
Exploits 0 | References 1

Cisco
added 2014/02/21 3:36 p.m. | 23 views

Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability

A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List (CTL) of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...

CVSS 4.3 | AI score 6.7 | EPSS 0.00725
Exploits 0 | References 1

Cisco
added 2014/02/19 10:58 p.m. | 23 views

Cisco Unified Computing System Central Software Privilege Escalation Vulnerability

A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...

CVSS 6.8 | AI score 6 | EPSS 0.00332
Exploits 1 | References 1

Cisco
added 2014/02/13 8:39 p.m. | 23 views

Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability

A vulnerability in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to valida...

CVSS 4.3 | AI score 7.1 | EPSS 0.01247
Exploits 0 | References 1

Cisco
added 2013/12/24 6:32 p.m. | 23 views

Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service Vulnerability

A vulnerability in the Multiprotocol Label Switching (MPLS) IP fragmentation function of Cisco IOS XE could allow an unauthenticated, remote attacker to cause the Cisco Packet Processor to crash. The vulnerability is due to input validation processing of the crafted MPLS IP packets. An attacker cou...

CVSS 5.4 | AI score 1.9 | EPSS 0.03026
Exploits 0 | References 1

Cisco
added 2013/12/17 6:37 p.m. | 23 views

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...

CVSS 4.3 | AI score 6.7 | EPSS 0.0186
Exploits 0 | References 1

Cisco
added 2013/12/13 3:24 p.m. | 23 views

Cisco WebEx Training Center Open Redirect Vulnerability

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could...

CVSS 4.3 | AI score 1.8 | EPSS 0.02117
Exploits 1 | References 1

Cisco
added 2013/12/13 3:2 p.m. | 23 views

Cisco WebEx Training Center Training Session Number Disclosure Vulnerability

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to view the session number for trainings that require host approval before the host approves the attacker as an attendee. The vulnerability is due to inappropriate disclosure of sensitive information in...

CVSS 5 | AI score 1.2 | EPSS 0.02578
Exploits 1 | References 1

Cisco
added 2013/12/09 8:48 p.m. | 23 views

Cisco Cloud Portal Unauthenticated File Download Vulnerability

A vulnerability in the web interface of Cisco Cloud Portal could allow an unauthenticated, remote attacker to download certain file types from a vulnerable server. The vulnerability is due to insufficient enforcement of access controls for certain file types. An attacker could exploit this...

CVSS 5 | AI score 1.8 | EPSS 0.03023
Exploits 0 | References 1

Cisco
added 2013/12/02 9:16 p.m. | 23 views

Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability

A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...

CVSS 4 | AI score 3.1 | EPSS 0.00947
Exploits 0 | References 1

Cisco
added 2013/11/22 4:2 p.m. | 23 views

Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3 | AI score 0.5 | EPSS 0.00806
Exploits 0 | References 1

Cisco
added 2013/11/06 8:30 p.m. | 23 views

Cisco MDS 9000 NX-OS Software Denial of Service Vulnerability

A vulnerability in the supervisor of the Cisco MDS Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of Virtual Router Redundancy Protocol (VRRP) frames. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 2.6 | EPSS 0.01885
Exploits 0 | References 1

Cisco
added 2013/11/04 9:1 p.m. | 23 views

Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...

CVSS 5 | AI score 1.9 | EPSS 0.01766
Exploits 0 | References 1

Cisco
added 2013/10/23 4:0 p.m. | 23 views

Cisco IOS XR Software Route Processor Denial of Service Vulnerability

Cisco IOS XR Software Releases 3.3.0 to 4.2.0 contain a vulnerability when handling fragmented packets that could result in a denial of service (DoS) condition of the Cisco CRS Route Processor cards listed in the "Affected Products" section of this advisory. The vulnerability is due to improper...

CVSS 7.1 | AI score 6.3 | EPSS 0.01661
Exploits 0 | References 1

Cisco
added 2013/10/16 8:16 p.m. | 23 views

Cisco Identity Services Engine Sponsor Portal File Access Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access files uploaded to the Sponsor Portal. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the URL...

CVSS 5 | AI score 2.3 | EPSS 0.01186
Exploits 0 | References 1

Cisco
added 2013/10/16 6:21 p.m. | 23 views

Cisco Identity Services Engine File Space Denial of Service Vulnerability

A vulnerability in the file upload management of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload multiple files to a specific location of the filesystem and exhaust disk space. The vulnerability is due to insufficient management of filesystem free space...

CVSS 6.8 | AI score 2.9 | EPSS 0.01061
Exploits 0 | References 1

Total number of security vulnerabilities: 5000