Cisco 11500 Content Services Switch HTTP Request Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

IOS Stack Group Bidding Protocol Crafted Packet DoS

The Cisco IOS Stack Group Bidding Protocol SGBP feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. Cisco has made free...

Cisco IPSec Malformed IKE Packet Vulnerability

...

Multiple Vulnerabilities in CBOS

...

Cisco IOS 11.3(1.2) and 11.3(1.2)T AAA Failure

...

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency CISA issued an update to V1: Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices...

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker wi...

Cisco Meeting Management REST API Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul URWB Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating...

Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability

A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...

Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This...

Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper management of resources during fragment...

Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance ESA; and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting XSS attack against...

Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability

A vulnerability in the remote support feature of Cisco Umbrella Virtual Appliance could allow an authenticated, remote attacker to obtain full control of an affected device. This vulnerability is due to an undocumented support mechanism that is present on the product. An attacker could exploit th...

Cisco Duo Authentication Proxy Information Disclosure Vulnerability

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...

Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points APs could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An...

Cisco Unified Communications Products Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a...

Cisco SD-WAN vManage Software Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete input...

Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...

Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in Cisco Data Center Network Manager DCNM Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any...

Cisco Data Center Network Manager Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for use...

Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient input validation by the...

Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences CMX could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An...

Cisco Data Center Network Manager Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the...

Cisco IOS XR Software Additional Paths Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of servic...

Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for request...

Cisco SD-WAN Solution Software Buffer Overflow Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected...

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer SSL VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service DoS condition. The vulnerability is due to a lack of proper input validation...

Cisco SD-WAN Solution Software Static Credentials Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a...

Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an...

Cisco SD-WAN vManage Software Directory Traversal Vulnerability

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation o...

Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based managemen...

Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service DoS condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to...

Cisco SD-WAN Solution SQL Injection Vulnerability

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...

Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability

A vulnerability in the implementation of the Border Gateway Protocol BGP functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incorrect processing of a BGP update message that contains a...

Cisco Webex Video Mesh Node Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the...

Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP feature of the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service DoS condition. The vulnerability is due to incomplete validation ...

Cisco Prime Network Information Disclosure Vulnerability

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checking mechanisms in the...

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitati...

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

Cisco Email Security Appliance Attachment Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of an email with an attachment and...

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 1 IKEv1 XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation...