5224 matches found

Cisco • added 2017/07/05 4:0 p.m. • 30 views

Cisco Wide Area Application Services Core Dump Denial of Service Vulnerability

A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly. The vulnerability is due to incomplete...

CVSS 5.8 | AI score 5.5 | EPSS 0.02197
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 25 views

Cisco Elastic Services Controller Unauthorized Access Vulnerability

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacke...

CVSS 9.8 | AI score 9.8 | EPSS 0.02927
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 30 views

Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS 9.8 | AI score 9.9 | EPSS 0.042
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 37 views

Cisco Ultra Services Framework UAS Unauthenticated Access Vulnerability

A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the...

CVSS 9.1 | AI score 9.4 | EPSS 0.01555
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 22 views

Cisco IOS XR Software Multicast Source Discovery Protocol Session Denial of Service Vulnerability

A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within...

CVSS 5.8 | AI score 7.6 | EPSS 0.01589
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 40 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...

CVSS 6.1 | AI score 6.1 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/29 4:0 p.m. • 269 views

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

CVSS 8.8 | AI score 9.2
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 24 views

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation. An attacker could exploit th...

CVSS 6.1 | AI score 6.1 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 31 views

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...

CVSS 6.1 | AI score 6.3 | EPSS 0.01154
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 31 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00938
Exploits: 2 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 34 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected...

CVSS 5.4 | AI score 5.4 | EPSS 0.00642
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 35 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker mu...

CVSS 8.8 | AI score 8 | EPSS 0.02359
Exploits: 2 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 22 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based environment or client-side cross-site scripting (XSS) attack against a us...

CVSS 4.7 | AI score 6 | EPSS 0.0128
Exploits: 2 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 26 views

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected...

CVSS 5.4 | AI score 5.4 | EPSS 0.00642
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 24 views

Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...

CVSS 8.6 | AI score 7.6 | EPSS 0.01738
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 24 views

Cisco IOS XR Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect permission settings on binary files in the affected software. An attacker could exploit this vulnerability by sending...

CVSS 6.7 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 20 views

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitati...

CVSS 7.3 | AI score 8.2 | EPSS 0.01594
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 21 views

Cisco Wide Area Application Services TCP Fragment Denial of Service Vulnerability

A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. The vulnerability is due to incomplete...

CVSS 5.8 | AI score 5.5 | EPSS 0.02197
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 22 views

Cisco IOS XR Software Local Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending...

CVSS 6.7 | AI score 6.9 | EPSS 0.00712
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 27 views

Cisco Prime Collaboration Provisioning Tool Arbitrary File Download Vulnerability

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. The vulnerability is due to insufficient input...

CVSS 6.5 | AI score 6.4 | EPSS 0.02992
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 24 views

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.7 | AI score 6.1 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 33 views

Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 4.1 | AI score 5.4 | EPSS 0.00891
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 25 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected...

CVSS 5.4 | AI score 5.4 | EPSS 0.00642
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 28 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an...

CVSS 4.7 | AI score 6.1 | EPSS 0.0128
Exploits: 2 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 23 views

Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. The vulnerability is due to insufficient session management during user authentication. An attacker could exploit this...

CVSS 5.9 | AI score 5.7 | EPSS 0.0153
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 29 views

Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 5.8 | AI score 5.8 | EPSS 0.02197
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 19 views

Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability

A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. The vulnerability is due to the logging of sensitive details of specific user actions. An attacker could exploit this...

CVSS 5.1 | AI score 5.1 | EPSS 0.00384
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 24 views

Cisco Prime Collaboration Provisioning Tool Information Disclosure Vulnerability

A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. The vulnerability is due to insecure file permissions. A successful exploit could allow the attacker to access sensitive information...

CVSS 5.5 | AI score 5.2 | EPSS 0.00351
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 31 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

CVSS 6.1 | AI score 6.2 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 27 views

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.7 | AI score 6.1 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 24 views

Cisco Ultra Services Framework Staging Server Insecure Default Credentials Vulnerability

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device. The vulnerability is due to weak, hard-coded credentials of the admin user present on the affecte...

CVSS 6.3 | AI score 8.7 | EPSS 0.01499
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 20 views

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

CVSS 6.1 | AI score 6.4 | EPSS 0.01203
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Ultra Services Framework Element Manager Insecure Default Account Information Vulnerability

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user. The vulnerability is due to a user account that has a default and static password. An attacker could exploit this...

CVSS 6.3 | AI score 8.9 | EPSS 0.02276
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 42 views

Cisco AnyConnect Local Privilege Escalation Vulnerability

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input...

CVSS 7.8 | AI score 7.7 | EPSS 0.00371
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 20 views

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 6.3 | AI score 8.9 | EPSS 0.00797
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 26 views

Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system. The vulnerability is due to weak, hard-coded credentials present ...

CVSS 6.3 | AI score 8.7 | EPSS 0.01499
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 29 views

Cisco Ultra Services Platform Information Disclosure Vulnerability

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00307
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 43 views

Cisco StarOS Arbitrary File Modification Vulnerability

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. The vulnerability is due to insufficient input...

CVSS 4.1 | AI score 5.2 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 28 views

Cisco TelePresence Endpoint Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerabili...

CVSS 7.5 | AI score 7.6 | EPSS 0.03564
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 19 views

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the...

CVSS 9.8 | AI score 9.8 | EPSS 0.35388
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 25 views

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. The vulnerability is due to insufficient sanitization of commands that are permitted to run from the ConfD...

CVSS 5 | AI score 8.8 | EPSS 0.02207
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 55 views

Cisco Prime Data Center Network Manager Server Static Credential Vulnerability

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges...

CVSS 9.8 | AI score 9.6 | EPSS 0.10716
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 27 views

Cisco Unified Communications Domain Manager Open Redirect Vulnerability

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker...

CVSS 6.1 | AI score 6.3 | EPSS 0.01201
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 27 views

Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system. The vulnerability exists because the affected component does not sufficiently protect files that...

CVSS 4.4 | AI score 5.2 | EPSS 0.00275
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 28 views

Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerabilities are due to insufficient validation of user-supplied input in...

CVSS 4.1 | AI score 5.7 | EPSS 0.01309
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

CVSS 5.5 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 35 views

Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. The vulnerability is due to insufficient checks when creating directories on the system. An attacker could...

CVSS 4.3 | AI score 7.6 | EPSS 0.01352
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Context Service SDK Arbitrary Code Execution Vulnerability

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. The vulnerability is due to insufficient...

CVSS 5.6 | AI score 9.7 | EPSS 0.04841
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Elastic Services Controller Insecure Default Credentials Vulnerability

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successf...

CVSS 6.3 | AI score 8.7 | EPSS 0.02276
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 38 views

Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an...

CVSS 6.1 | AI score 6.1 | EPSS 0.01242
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5224