VYPR

Industrial Network Director

by Cisco Systems, Inc.

CVEs (14)

  • CVE-2023-20036CriNov 15, 2024
    risk 0.65cvss 9.9epss 0.13

    A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when…

  • CVE-2019-1976CriSep 5, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the…

  • CVE-2023-20038HigJan 20, 2023
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key…

  • CVE-2018-0446HigOct 5, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2019-1861HigJun 5, 2019
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit…

  • CVE-2020-3567MedOct 8, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability…

  • CVE-2019-15973MedNov 26, 2019
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to…

  • CVE-2017-6675MedJun 13, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176).

  • CVE-2019-1940MedJul 17, 2019
    risk 0.38cvss 5.9epss 0.01

    A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to…

  • CVE-2023-20039MedNov 15, 2024
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing…

  • CVE-2023-20037MedJan 20, 2023
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit…

  • CVE-2019-1882MedJun 5, 2019
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit…

  • CVE-2019-1881MedJun 5, 2019
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-15392MedOct 5, 2018
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this…