
5224 matches found

Cisco
added 2018/06/20 4:00 p.m., 35 views

Cisco Meeting Server Session Fixation Vulnerability

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier. The vulnerability exists because the affected application does not assign...

CVSS: 4; AI score: 1.3; EPSS: 0.00377
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 84 views

Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...

CVSS: 5.3; AI score: 2.7; EPSS: 0.01231
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 103 views

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability

A vulnerability in the process of uploading new application images to the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an...

CVSS: 7.2; AI score: 1.4; EPSS: 0.07395
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 95 views

Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied...

CVSS: 8.8; AI score: 2; EPSS: 0.03996
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 43 views

Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...

CVSS: 5.3; AI score: 2.7; EPSS: 0.00949
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 89 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates...

CVSS: 8.6; AI score: 2.1; EPSS: 0.02319
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 26 views

Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

CVSS: 6.5; AI score: 2.2; EPSS: 0.03228
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 62 views

Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...

CVSS: 8.8; AI score: 2.7; EPSS: 0.0483
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 83 views

NVIDIA TX1 Boot ROM Vulnerability

On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected...

CVSS: 6.8; AI score: 6.8; EPSS: 0.0274
Exploits: 1; References: 1

Cisco
added 2018/06/20 4:00 p.m., 82 views

Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper...

CVSS: 6.5; AI score: 1.8; EPSS: 0.00394
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 57 views

Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete...

CVSS: 6.4; AI score: 1.8; EPSS: 0.00466
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 33 views

Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution Vulnerability

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could...

CVSS: 7.8; AI score: 2.2; EPSS: 0.00431
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 40 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric...

CVSS: 9.8; AI score: 3; EPSS: 0.05958
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 91 views

Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in...

CVSS: 8.8; AI score: 2.3; EPSS: 0.01507
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 44 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates...

CVSS: 8.6; AI score: 2.4; EPSS: 0.02826
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 95 views

Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...

CVSS: 8.6; AI score: 0.7; EPSS: 0.0254
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 103 views

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...

CVSS: 7.7; AI score: 1.7; EPSS: 0.02048
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 25 views

Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of servi...

CVSS: 7.7; AI score: 1.5; EPSS: 0.02048
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 50 views

Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability...

CVSS: 4.3; AI score: 2.1; EPSS: 0.0038
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 28 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software...

CVSS: 9.8; AI score: 2.8; EPSS: 0.05659
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 77 views

Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...

CVSS: 8.2; AI score: 2.1; EPSS: 0.00564
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 112 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently...

CVSS: 9.8; AI score: 2.8; EPSS: 0.05659
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 47 views

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because th...

CVSS: 9.8; AI score: 3; EPSS: 0.087
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 20 views

Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) feature of the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation ...

CVSS: 7.7; AI score: 1.5; EPSS: 0.02048
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 34 views

Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...

CVSS: 7.8; AI score: 2.5; EPSS: 0.00564
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 104 views

Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...

CVSS: 9.8; AI score: 2.3; EPSS: 0.1767
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 30 views

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of...

CVSS: 7.5; AI score: 2.9; EPSS: 0.01149
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 58 views

Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file...

CVSS: 6.7; AI score: 3.3; EPSS: 0.00314
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 32 views

Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...

CVSS: 8.6; AI score: 1.7; EPSS: 0.01919
Exploits: 0; References: 1

Cisco
added 2018/06/20 4:00 p.m., 33 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of...

CVSS: 5.3; AI score: 0.4; EPSS: 0.03449
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 71 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...

CVSS: 4.8; AI score: 2; EPSS: 0.01255
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 95 views

Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...

CVSS: 8.6; AI score: 1.1; EPSS: 0.01984
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 32 views

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of...

CVSS: 7.5; AI score: 1.2; EPSS: 0.0254
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 26 views

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...

CVSS: 6.1; AI score: 1.3; EPSS: 0.01812
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 67 views

Cisco FireSIGHT System VPN Policy Bypass Vulnerability

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

CVSS: 5.8; AI score: 1.2; EPSS: 0.01924
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 63 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

CVSS: 4.8; AI score: 1.1; EPSS: 0.01276
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 43 views

Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploi...

CVSS: 7.5; AI score: 1.9; EPSS: 0.03156
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 38 views

Cisco WebEx Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the https://try.webex.com page of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

CVSS: 6.1; AI score: 6.1; EPSS: 0.02011
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 31 views

Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

CVSS: 5.1; AI score: 1.1; EPSS: 0.00413
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 35 views

Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...

CVSS: 5.3; AI score: 2.2; EPSS: 0.02396
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 39 views

Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an...

CVSS: 8.8; AI score: 1.8; EPSS: 0.02648
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 45 views

Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit...

CVSS: 9.8; AI score: 2; EPSS: 0.03618
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 35 views

Cisco Prime Collaboration Provisioning Access Control Vulnerability

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictio...

CVSS: 8.8; AI score: 2.9; EPSS: 0.02625
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 34 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports o...

CVSS: 7.4; AI score: 1.8; EPSS: 0.00739
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 33 views

Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...

CVSS: 7.5; AI score: 1.4; EPSS: 0.03889
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 53 views

Cisco Unified IP Phone Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...

CVSS: 5.3; AI score: 1.4; EPSS: 0.0348
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 59 views

Cisco WebEx Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

CVSS: 6.1; AI score: 6.1; EPSS: 0.01783
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 32 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...

CVSS: 6.1; AI score: 1.6; EPSS: 0.01783
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 86 views

Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...

CVSS: 8.1; AI score: 1.7; EPSS: 0.04056
Exploits: 0; References: 1

Cisco
added 2018/06/06 4:00 p.m., 58 views

Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...

CVSS: 5.3; AI score: 2.2; EPSS: 0.02415
Exploits: 0; References: 1

Total number of security vulnerabilities: 5224