5224 matches found

Cisco
added 2017/11/01 4:0 p.m., 45 views

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00781
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 41 views

Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected device does not properl...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00569
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 52 views

Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on...

CVSS: 7.7, AI score: 6.7, EPSS: 0.01607
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 40 views

Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS)...

CVSS: 6.8, AI score: 7.6, EPSS: 0.02585
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 44 views

Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability

A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The...

CVSS: 4.7, AI score: 6.5, EPSS: 0.00569
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 48 views

Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The...

CVSS: 7.4, AI score: 7.4, EPSS: 0.00708
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 45 views

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device. The vulnerability is due to imprope...

CVSS: 6.7, AI score: 7.4, EPSS: 0.77071
Exploits: 3, References: 1

Cisco
added 2017/11/01 4:0 p.m., 45 views

Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected...

CVSS: 6.1, AI score: 7.8, EPSS: 0.00715
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 57 views

Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00608
Exploits: 0, References: 1

Cisco
added 2017/11/01 4:0 p.m., 41 views

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service...

CVSS: 7.4, AI score: 6.5, EPSS: 0.00811
Exploits: 0, References: 1

Cisco
added 2017/10/23 9:30 p.m., 64 views

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...

CVSS: 5.9, AI score: 7.4, EPSS: 0.0091
Exploits: 0, References: 1

Cisco
added 2017/10/20 9:0 p.m., 61 views

Cisco AMP for Endpoints Static Key Vulnerability

On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to...

CVSS: 6.7, AI score: 6.4, EPSS: 0.003
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 46 views

Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0122
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 54 views

Cisco Webex Messenger Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Webex Messenger could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00357
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 43 views

Cisco Expressway Series, Cisco TelePresence Video Communication Server, and Cisco TelePresence Conductor REST API Denial of Service Vulnerability

A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software, Cisco TelePresence Video Communication Server (VCS) Software, and Cisco TelePresence Conductor Software could allow an authenticated, remote attacker to cause the CDB process on an affected system ...

CVSS: 4.3, AI score: 4.7, EPSS: 0.01649
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 43 views

Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability

A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...

CVSS: 9.9, AI score: 9.6, EPSS: 0.02162
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 32 views

Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

CVSS: 4.2, AI score: 6.8, EPSS: 0.00447
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 58 views

Cisco Jabber for Windows Client Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00357
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 38 views

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS)...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02297
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 42 views

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0122
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 53 views

Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02297
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 28 views

Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking...

CVSS: 5.3, AI score: 9, EPSS: 0.00982
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 37 views

Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...

CVSS: 4.4, AI score: 4.4, EPSS: 0.00367
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 51 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0122
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 37 views

Cisco WebEx Meetings Server Denial of Service Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this...

CVSS: 5.8, AI score: 8.5, EPSS: 0.02297
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 35 views

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0122
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 75 views

Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...

CVSS: 8.6, AI score: 8.7, EPSS: 0.0445
Exploits: 0, References: 1

Cisco
added 2017/10/18 4:0 p.m., 34 views

Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that i...

CVSS: 6.5, AI score: 5.3, EPSS: 0.37192
Exploits: 0, References: 1

Cisco
added 2017/10/16 2:0 p.m., 154 views

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

On October 16, 2017, a research paper with the title “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2)...

CVSS: 4.3, AI score: 7.4, EPSS: 0.04575
Exploits: 1, References: 1

Cisco
added 2017/10/04 4:0 p.m., 49 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00868
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 93 views

Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due...

CVSS: 8.6, AI score: 8.6, EPSS: 0.06541
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 62 views

Cisco AnyConnect Network Access Manager Dual-Homed Interface Vulnerability

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00354
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 49 views

Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due...

CVSS: 8.6, AI score: 8.6, EPSS: 0.0158
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 41 views

Cisco License Manager Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that...

CVSS: 7.5, AI score: 7.5, EPSS: 0.11487
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 69 views

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes)...

CVSS: 4.7, AI score: 6.3, EPSS: 0.01686
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 83 views

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be...

CVSS: 8.6, AI score: 8.5, EPSS: 0.01589
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 48 views

Cisco Wide Area Application Services Denial-of-Service Vulnerability

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01421
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 60 views

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to...

CVSS: 5.3, AI score: 7.6, EPSS: 0.02297
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 64 views

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0122
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 52 views

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS: 5.3, AI score: 5.4, EPSS: 0.02197
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 47 views

Cisco Spark Messaging Stored Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00928
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 48 views

Cisco Wide Area Application Services ICA Accelerator Denial of Service Vulnerability

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS)...

CVSS: 5.8, AI score: 5.2, EPSS: 0.01565
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 48 views

Cisco Meeting App Local Privilege Escalation Vulnerability

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL...

CVSS: 4.2, AI score: 4.5, EPSS: 0.00358
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 44 views

Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper...

CVSS: 8.6, AI score: 7.6, EPSS: 0.06938
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 47 views

Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilit...

CVSS: 7.4, AI score: 6.4, EPSS: 0.02171
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 36 views

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper...

CVSS: 8.6, AI score: 2.2
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 38 views

Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00997
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 32 views

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of t...

CVSS: 9.9, AI score: 8.7, EPSS: 0.03175
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 36 views

Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The...

CVSS: 7.4, AI score: 6.6, EPSS: 0.02034
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 29 views

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages tha...

CVSS: 8.6, AI score: 2.1, EPSS: 0.06938
Exploits: 0, References: 1

Total number of security vulnerabilities: 5224