
5226 matches found

Cisco | added 2015/07/28 8:43 p.m. | 22 views

Cisco UCS Central Software File Access Vulnerability

A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01729
Exploits: 0 | References: 1

Cisco | added 2015/07/15 12:12 a.m. | 22 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00996
Exploits: 0 | References: 1

Cisco | added 2015/07/13 10:48 p.m. | 22 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks. The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01546
Exploits: 0 | References: 1

Cisco | added 2015/07/09 6:0 p.m. | 22 views

Cisco TelePresence IP Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence IP Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00996
Exploits: 0 | References: 1

Cisco | added 2015/06/30 5:48 p.m. | 22 views

Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. The vulnerability exists due to insufficient input sanitization of...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00407
Exploits: 0 | References: 1

Cisco | added 2015/06/22 2:53 p.m. | 22 views

Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability

A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine (PRE) crash on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition that may cause a...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.02124
Exploits: 0 | References: 1

Cisco | added 2015/06/19 9:15 p.m. | 22 views

Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) code of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to crash an affected device. The vulnerability is due to an error in parsing a malformed LLDP packet. An attacker could exploit this vulnerability by sending a...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00815
Exploits: 0 | References: 1

Cisco | added 2015/06/16 7:35 p.m. | 22 views

Cisco Prime Collaboration Manager SQL Injection Vulnerability

A vulnerability in the Cisco Prime Collaboration Manager interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An...

CVSS: 6.4 | AI score: 7.1 | EPSS: 0.0186
Exploits: 0 | References: 1

Cisco | added 2015/06/02 10:48 p.m. | 22 views

Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability

A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to obtain sensitive information. The Cisco Unified MeetingPlace application does not always properly validate the session ID in the HTTP URL. This could allow an attacker to obtain...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01948
Exploits: 0 | References: 1

Cisco | added 2015/05/29 8:12 p.m. | 22 views

Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability

A vulnerability in the UDP applications TFTP and DHCP of Cisco Headend System Release could allow an unauthenticated, remote attacker to take the TFTP and DHCP listening ports offline for a period of time. The vulnerability is due to a particular UDP traffic pattern in addition to the amount of U...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01988
Exploits: 0 | References: 1

Cisco | added 2015/05/29 8:9 p.m. | 22 views

Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01559
Exploits: 0 | References: 1

Cisco | added 2015/05/12 7:39 p.m. | 22 views

Cisco Headend Digital Broadband Delivery System Cross-Site Scripting Vulnerability

A vulnerability in the web-based administration interface of the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected device. The vulnerability is due to improper input validation of certain...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01546
Exploits: 0 | References: 1

Cisco | added 2015/05/06 4:0 p.m. | 22 views

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS: 10 | AI score: 7.4 | EPSS: 0.04514
Exploits: 0 | References: 1

Cisco | added 2015/04/29 9:36 p.m. | 22 views

Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability

A vulnerability in HTTP packet processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the session manager service on the affected device. The vulnerability is due to improper processing of malformed HTTP packets. An...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01242
Exploits: 0 | References: 1

Cisco | added 2015/02/10 8:59 p.m. | 22 views

Cisco IOS Software Kernel Timer Vulnerability

A vulnerability in the kernel timers in Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to improper management of kernel timers. An attacker could exploit this vulnerability by sending crafted traffic, causing...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.01819
Exploits: 0 | References: 1

Cisco | added 2015/02/04 8:41 p.m. | 22 views

Cisco Unified IP Phone 9900 Series Insecure Device Permissions Vulnerability

A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a complete denial of service (DoS) on an affected device. The vulnerability is due to insecure file permissions on some devices. An attacker could exploit this vulnerability by writing to...

CVSS: 4.4 | AI score: 6.2 | EPSS: 0.00304
Exploits: 0 | References: 1

Cisco | added 2015/01/23 7:55 p.m. | 22 views

Cisco WebEx Meetings Server Authentication Bypass Vulnerability

A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access. The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sendin...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.01373
Exploits: 0 | References: 1

Cisco | added 2014/10/14 4:13 p.m. | 22 views

Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability

A vulnerability in the ZIP inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the engine protection and deliver malicious ZIP files. The vulnerability is due to improper implementation of the logic for analyzing the...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01718
Exploits: 0 | References: 1

Cisco | added 2014/10/08 7:28 p.m. | 22 views

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability

A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition. The vulnerability is due to improper...

CVSS: 4 | AI score: 6.6 | EPSS: 0.01345
Exploits: 0 | References: 1

Cisco | added 2014/07/14 1:6 p.m. | 22 views

Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability

A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...

CVSS: 6.8 | AI score: 2.6 | EPSS: 0.01702
Exploits: 0 | References: 1

Cisco | added 2014/07/10 4:24 p.m. | 22 views

Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability

A vulnerability in the Dialed Number Analyzer (DNA) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a parameter in t...

CVSS: 5 | AI score: 5.6 | EPSS: 0.01161
Exploits: 0 | References: 1

Cisco | added 2014/07/08 1:51 p.m. | 22 views

Cisco IOS XR Software Punt Policer Denial of Service Vulnerability

A vulnerability in the implementation of the punt policer on Trident line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to overload the CPU on the Trident line card or route processor (RP) and eventually cause a denial of service (DoS)...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.02798
Exploits: 0 | References: 1

Cisco | added 2014/05/22 4:7 p.m. | 22 views

Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability

A vulnerability in Cisco Tidal Enterprise Scheduler Agent could allow an authenticated, local attacker to execute arbitrary commands on the affected system with the privileges of the root user. The vulnerability is due to insufficient validation of the Tidal Job Buffers (TJB) parameters when the...

CVSS: 6 | AI score: 7.7 | EPSS: 0.00313
Exploits: 0 | References: 1

Cisco | added 2014/05/20 2:38 p.m. | 22 views

Cisco IOS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in Link Layer Discovery Protocol (LLDP) in Cisco switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to incorrect handling of malformed LLDP packets. An attacker could exploit this vulnerability by sending a...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00766
Exploits: 0 | References: 1

Cisco | added 2014/05/14 7:29 p.m. | 22 views

Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability

A vulnerability in Locator/ID Separation Protocol (LISP) control message processing in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a vulnerable device to disable Cisco Express Forwarding and eventually drop traffic passing through. The...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.0155
Exploits: 0 | References: 1

Cisco | added 2014/04/29 7:56 p.m. | 22 views

Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...

CVSS: 4 | AI score: 6.7 | EPSS: 0.00764
Exploits: 0 | References: 1

Cisco | added 2014/04/03 8:0 p.m. | 22 views

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

A vulnerability in the CERUserServlet pages of the Cisco Emergency Responder (Cisco ER) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco ER web interface. The vulnerability is due to insufficient CSRF protections on the Cisco ER w...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00649
Exploits: 0 | References: 1

Cisco | added 2014/03/31 8:22 p.m. | 22 views

Cisco IOS Software High Priority Queue Denial of Service Vulnerability

A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...

CVSS: 5.7 | AI score: 6.3 | EPSS: 0.00723
Exploits: 1 | References: 1

Cisco | added 2014/02/27 10:52 p.m. | 22 views

Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability

A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00818
Exploits: 0 | References: 1

Cisco | added 2014/02/12 8:1 p.m. | 22 views

Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager (UCM) Unified CallManager Interactive Voice Response (CMIVR) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.0126
Exploits: 0 | References: 1

Cisco | added 2014/02/12 7:58 p.m. | 22 views

Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager (UCM) IP Manager Assistant (IPMA) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied...

CVSS: 4.3 | AI score: 7 | EPSS: 0.0126
Exploits: 0 | References: 1

Cisco | added 2014/01/24 3:38 p.m. | 22 views

Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability

A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager (VSOM) could allow an unauthenticated, remote attacker to access the MySQL database. The vulnerability is due to insufficient authentication controls. An attacker could exploit thi...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.01596
Exploits: 0 | References: 1

Cisco | added 2014/01/16 7:18 p.m. | 22 views

Cisco Secure ACS RMI Arbitrary File Read Vulnerability

A vulnerability in the Remote Method Invocation (RMI) interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.01405
Exploits: 0 | References: 1

Cisco | added 2013/12/18 9:17 p.m. | 22 views

Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability

A vulnerability in the disaster recovery system (DRS) of Cisco Unified Communications Manager (UCM) could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An attacker could...

CVSS: 4 | AI score: 2.3 | EPSS: 0.02091
Exploits: 0 | References: 1

Cisco | added 2013/12/13 7:8 p.m. | 22 views

Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.02059
Exploits: 1 | References: 1

Cisco | added 2013/12/13 7:6 p.m. | 22 views

Cisco WebEx Sales Center Open Redirect Vulnerability

A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...

CVSS: 4.3 | AI score: 1.7 | EPSS: 0.02117
Exploits: 1 | References: 1

Cisco | added 2013/12/02 9:4 p.m. | 22 views

Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability

A vulnerability in the Cisco Express Forwarding processing module that checks the sanity of IP headers on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. The vulnerability is due to improper...

CVSS: 5.4 | AI score: 2 | EPSS: 0.0204
Exploits: 0 | References: 1

Cisco | added 2013/11/13 10:10 p.m. | 22 views

Cisco Enterprise License Manager Path Traversal Vulnerability

A vulnerability in the license upload interface of the Cisco Enterprise License Manager (ELM) could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

CVSS: 6.3 | AI score: 2.4 | EPSS: 0.02127
Exploits: 0 | References: 1

Cisco | added 2013/11/11 7:36 p.m. | 22 views

Cisco Adaptive Security Appliance Auto-Update Denial of Service Vulnerability

A vulnerability in the auto-update feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause a reload of the ASA. The vulnerability is due to insufficient input validation of auto-update data. An attacker could exploit this vulnerability by...

CVSS: 5.4 | AI score: 3.4 | EPSS: 0.01173
Exploits: 0 | References: 1

Cisco | added 2013/11/06 4:0 p.m. | 22 views

Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability

A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank...

CVSS: 10 | AI score: 6.7 | EPSS: 0.02096
Exploits: 0 | References: 1

Cisco | added 2013/10/11 3:4 p.m. | 22 views

Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability

A vulnerability in the web application interface of Cisco 9900 series IP phones could allow an unauthenticated, remote attacker to cause the webapp interface to become unavailable. The vulnerability is due to insufficient input validation of certain fields. An attacker could exploit this...

CVSS: 5 | AI score: 2.6 | EPSS: 0.02111
Exploits: 0 | References: 1

Cisco | added 2013/10/11 2:36 p.m. | 22 views

Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability

A vulnerability in the administrative web interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input passed to a...

CVSS: 4 | AI score: 3.6 | EPSS: 0.23309
Exploits: 5 | References: 1

Cisco | added 2013/10/10 5:32 p.m. | 22 views

Cisco Unified IP Phone 8900/9900 Series Crafted SDP Packet Vulnerability

A vulnerability in the SDP negotiation logic of the Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and the Cisco Unified IP Phone 8961 could allow an unauthenticated, remote attacker to cause the phone to reboot. The vulnerability is due to improper processing of crafted SDP...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.01816
Exploits: 0 | References: 1

Cisco | added 2013/10/01 3:34 p.m. | 22 views

Cisco Unified Communications Domain Manager Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied inp...

CVSS: 5.5 | AI score: 2.3 | EPSS: 0.0104
Exploits: 0 | References: 1

Cisco | added 2013/09/30 8:3 p.m. | 22 views

Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability

A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds. The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01284
Exploits: 0 | References: 1

Cisco | added 2013/09/04 4:0 p.m. | 22 views

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.03189
Exploits: 0 | References: 1

Cisco | added 2013/08/12 2:42 p.m. | 22 views

Cisco Finesse User Data in Query Vulnerability

A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data. The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query...

CVSS: 5 | AI score: 0.7 | EPSS: 0.02084
Exploits: 0 | References: 1

Cisco | added 2013/08/02 7:12 p.m. | 22 views

Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability

A vulnerability in the web pages of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...

CVSS: 4.3 | AI score: 3.1 | EPSS: 0.00576
Exploits: 0 | References: 1

Cisco | added 2013/07/24 4:0 p.m. | 22 views

Multiple Vulnerabilities in the Cisco Video Surveillance Manager

The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints...

CVSS: 9 | AI score: 6.6 | EPSS: 0.10188
Exploits: 0 | References: 1

Cisco | added 2013/07/22 8:43 p.m. | 22 views

Cisco Unified Operations Manager HTTP Header Injection Vulnerability

A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.01792
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000