Lucene search
K

5224 matches found

Cisco
Cisco
added 2018/06/06 4:0 p.m.44 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

6.1CVSS6.1AI score0.01783EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.39 views

Cisco Unified Computing System Role-Based Access Vulnerability

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

6.7CVSS2.5AI score0.00377EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.136 views

Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

4.8CVSS1.2AI score0.00983EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.40 views

Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

A vulnerability in the authentication, authorization, and accounting AAA security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service DoS condition...

9.8CVSS2.9AI score0.08074EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.29 views

Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability

A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to...

6.7CVSS1.5AI score0.00392EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.126 views

Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...

8.6CVSS7.7AI score0.99903EPSS
Exploits18References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.80 views

Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

A vulnerability in the CLI parser of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...

8.1CVSS3.1AI score0.03958EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.46 views

Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...

9.8CVSS2AI score0.03618EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/22 1:0 a.m.71 views

CPU Side-Channel Information Disclosure Vulnerabilities: May 2018

On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, loca...

5.6CVSS7.2AI score0.60631EPSS
Exploits2References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.32 views

Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected phone. The vulnerability is...

5.8CVSS1.5AI score0.03381EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.38 views

Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker w...

6.5CVSS2.4AI score0.01907EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.28 views

Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security EAP-TLS certificate validation during EAP authentication for the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causi...

8.6CVSS1.5AI score0.0252EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.35 views

Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

6.1CVSS6.1AI score0.01818EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.41 views

Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability

A vulnerability in the web UI of Cisco TelePresence IX5000 Series Software and Cisco TelePresence TX9000 Series Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to...

6.1CVSS1.1AI score0.01796EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.32 views

Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could...

6.1CVSS1AI score0.01783EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.37 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

4.2CVSS2.7AI score0.00684EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.32 views

Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...

8.1CVSS3.1AI score0.00719EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.43 views

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

10CVSS1.5AI score0.02747EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.37 views

Cisco SocialMiner Notification System Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service DoS condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit th...

5.3CVSS1.8AI score0.01676EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.36 views

Cisco Digital Network Architecture Center Static Credentials Vulnerability

A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user...

10CVSS2.6AI score0.0379EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.30 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

6.1CVSS6AI score0.01783EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.35 views

Cisco Digital Network Architecture Center Unauthorized Access Vulnerability

A vulnerability in the container management subsystem of Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container...

10CVSS2.5AI score0.05398EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.32 views

Cisco Firepower Threat Defense Software Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer SSL Access Control AC policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets...

5.8CVSS5.8AI score0.01229EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.31 views

Cisco Meeting Server Media Services Denial of Service Vulnerability

A vulnerability in the Real-Time Transport Protocol RTP bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...

7.5CVSS2.1AI score0.03381EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.85 views

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

6.3CVSS1.8AI score0.04569EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.31 views

Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service DoS condition. The vulnerability is due to the incorrect...

5.8CVSS1.8AI score0.01454EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.56 views

Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability

A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...

4.1CVSS1.3AI score0.0048EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.35 views

Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point APs on Qualcomm Atheros QCA based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. A successful explo...

4.7CVSS1.6AI score0.00603EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.57 views

Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability

A vulnerability in the assignment and management of default user accounts for Secure Shell SSH access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affecte...

7.5CVSS2.1AI score0.02243EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.51 views

Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. For more information about this vulnerability per Cisco product, see the Details...

9.8CVSS9.5AI score0.49867EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.37 views

Cisco Secure Access Control System Remote Code Execution Vulnerability

A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...

9.8CVSS9.7AI score0.07073EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.22 views

Cisco WebEx Recording Format Player Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Recording Format WRF Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a...

5.3CVSS0.8AI score0.02674EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.26 views

Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

6.5CVSS6.3AI score0.02228EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.29 views

Cisco IOS XR Software netconf Denial of Service Vulnerability

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...

5.3CVSS2.7AI score0.03298EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.24 views

Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the implementation of Point-to-Point Tunneling Protocol PPTP functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...

8.6CVSS2.4AI score0.03957EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.37 views

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this...

6.5CVSS9AI score0.03885EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.24 views

Cisco Prime Service Catalog User Interface Denial of Service Vulnerability

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to...

6.5CVSS1.7AI score0.02776EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.26 views

Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability

A vulnerability in the IP Version 4 IPv4 fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The...

8.6CVSS1.4AI score0.02516EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.35 views

Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to incomplete input...

7.4CVSS2.1AI score0.00523EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.48 views

Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability

A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...

4.7CVSS1.4AI score0.00947EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.30 views

Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

6.5CVSS0.9AI score0.02355EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.32 views

Cisco Meeting Server Remote Code Execution Vulnerability

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces an...

8.8CVSS1.4AI score0.04152EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.22 views

Cisco Firepower System Software Transport Layer Security Extensions Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service DoS condition. The vulnerability is due to the incorrect...

5.8CVSS1.3AI score0.01454EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.36 views

Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachme...

9.6CVSS9.6AI score0.03247EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.31 views

Cisco Unified Communications Manager HTTP Interface Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...

5.4CVSS1AI score0.01756EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.53 views

Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...

5.9CVSS5.8AI score0.01337EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.36 views

Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection AMP for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...

5.8CVSS1.4AI score0.01221EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.59 views

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block SMB protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...

5.8CVSS5.8AI score0.01229EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.37 views

Cisco MATE Live Directory Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker cou...

5.3CVSS0.6AI score0.02383EPSS
Exploits0References1
Cisco
Cisco
added 2018/04/18 4:0 p.m.92 views

Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability

A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...

6.5CVSS6.7AI score0.03577EPSS
Exploits0References1
Total number of security vulnerabilities5224