Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0171 · Critical · KEV · Mar 28, 2018
    risk 0.87 · cvss 9.8 · epss 1.00

    A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected…

  • CVE-2017-3881 · Critical · KEV · Mar 17, 2017
    risk 0.87 · cvss 9.8 · epss 0.99

    A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management…

  • CVE-2026-20182 · Critical · KEV · May 14, 2026
    risk 0.86 · cvss 10.0 · epss 0.88

    May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this…

  • CVE-2026-20127 · Critical · KEV · Feb 25, 2026
    risk 0.84 · cvss 10.0 · epss 0.58

    A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to…

  • CVE-2018-0125 · Critical · KEV · Feb 8, 2018
    risk 0.80 · cvss 9.8 · epss 0.55

    A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root…

  • CVE-2016-6366 · High · KEV · Aug 18, 2016
    risk 0.79 · cvss 8.8 · epss 0.88

    Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted…

  • CVE-2017-6736 · High · KEV · Jul 17, 2017
    risk 0.78 · cvss 8.8 · epss 0.71

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2025-43300 · Critical · KEV · Aug 21, 2025
    risk 0.77 · cvss 10.0 · epss 0.20

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8.…

  • CVE-2025-24201 · Critical · KEV · Mar 11, 2025
    risk 0.77 · cvss 10.0 · epss 0.04

    An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2,…

  • CVE-2018-0151 · Critical · KEV · Mar 28, 2018
    risk 0.77 · cvss 9.8 · epss 0.14

    A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to…

  • CVE-2018-0147 · Critical · KEV · Mar 8, 2018
    risk 0.77 · cvss 9.8 · epss 0.19

    A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of…

  • CVE-2017-12240 · Critical · KEV · Sep 29, 2017
    risk 0.77 · cvss 9.8 · epss 0.14

    The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system…

  • CVE-2025-31201 · Critical · KEV · Apr 16, 2025
    risk 0.76 · cvss 9.8 · epss 0.12

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of…

  • CVE-2025-31200 · Critical · KEV · Apr 16, 2025
    risk 0.76 · cvss 9.8 · epss 0.21

    A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code…

  • CVE-2018-0101 · Critical · Jan 29, 2018
    risk 0.75 · cvss 10.0 · epss 0.87

    A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an…

  • CVE-2018-15379 · Critical · Oct 5, 2018
    risk 0.74 · cvss 9.8 · epss 0.86

    A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of…

  • CVE-2017-6737 · High · KEV · Jul 17, 2017
    risk 0.73 · cvss 8.8 · epss 0.43

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2016-1287 · Critical · Feb 11, 2016
    risk 0.73 · cvss 9.8 · epss 0.77

    Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X…

  • CVE-2018-0296 · High · KEV · Jun 7, 2018
    risk 0.72 · cvss 7.5 · epss 1.00

    A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software…

  • CVE-2017-6622 · Critical · May 18, 2017
    risk 0.72 · cvss 9.8 · epss 0.62

    A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP…

  • CVE-2017-6742 · High · KEV · Jul 17, 2017
    risk 0.71 · cvss 8.8 · epss 0.21

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2016-6415 · High · KEV · Sep 19, 2016
    risk 0.71 · cvss 7.5 · epss 0.88

    The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA)…

  • CVE-2026-20230 · High · KEV · Jun 3, 2026
    risk 0.70 · cvss 8.6 · epss 0.42

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected…

  • CVE-2018-0127 · Critical · Feb 8, 2018
    risk 0.70 · cvss 9.8 · epss 0.78

    A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of…

  • CVE-2017-6744 · High · KEV · Jul 17, 2017
    risk 0.70 · cvss 8.8 · epss 0.07

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6743 · High · KEV · Jul 17, 2017
    risk 0.70 · cvss 8.8 · epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6740 · High · KEV · Jul 17, 2017
    risk 0.70 · cvss 8.8 · epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6739 · High · KEV · Jul 17, 2017
    risk 0.70 · cvss 8.8 · epss 0.11

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2017-6738 · High · KEV · Jul 17, 2017
    risk 0.70 · cvss 8.8 · epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2025-43529 · High · KEV · Dec 17, 2025
    risk 0.69 · cvss 8.8 · epss 0.08

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to…

  • CVE-2025-31277 · High · KEV · Jul 30, 2025
    risk 0.69 · cvss 8.8 · epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2018-0174 · High · KEV · Mar 28, 2018
    risk 0.69 · cvss 8.6 · epss 0.08

    A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists…

  • CVE-2018-0173 · High · KEV · Mar 28, 2018
    risk 0.69 · cvss 8.6 · epss 0.08

    A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply…

  • CVE-2018-0172 · High · KEV · Mar 28, 2018
    risk 0.69 · cvss 8.6 · epss 0.08

    A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists…

  • CVE-2018-0167 · High · KEV · Mar 28, 2018
    risk 0.69 · cvss 8.8 · epss 0.03

    Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute…

  • CVE-2018-0155 · High · KEV · Mar 28, 2018
    risk 0.69 · cvss 8.6 · epss 0.08

    A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of…

  • CVE-2017-9805 · High · KEV · Sep 15, 2017
    risk 0.69 · cvss 8.1 · epss 0.99

    The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

  • CVE-2018-0258 · Critical · May 2, 2018
    risk 0.68 · cvss 9.8 · epss 0.50

    A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following…

  • CVE-2016-6367 · High · KEV · Aug 18, 2016
    risk 0.68 · cvss 7.8 · epss 0.23

    Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.

  • CVE-2017-11502 · Critical · Jul 20, 2017
    risk 0.67 · cvss 9.8 · epss 0.07

    Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.

  • CVE-2017-6639 · Critical · Jun 8, 2017
    risk 0.67 · cvss 9.8 · epss 0.35

    A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The…

  • CVE-2016-6433 · High · Oct 6, 2016
    risk 0.66 · cvss 8.8 · epss 0.76

    The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.

  • CVE-2026-20223 · Critical · May 20, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and…

  • CVE-2024-20418 · Critical · Nov 6, 2024
    risk 0.65 · cvss 10.0 · epss 0.03

    A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the…

  • CVE-2023-44487 · High · KEV · Oct 10, 2023
    risk 0.65 · cvss 7.5 · epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2018-0301 · Critical · Jun 20, 2018
    risk 0.65 · cvss 9.8 · epss 0.18

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the…

  • CVE-2018-0268 · Critical · May 17, 2018
    risk 0.65 · cvss 10.0 · epss 0.05

    A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the…

  • CVE-2018-0222 · Critical · May 17, 2018
    risk 0.65 · cvss 10.0 · epss 0.04

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of…

  • CVE-2018-0238 · Critical · Apr 19, 2018
    risk 0.65 · cvss 9.9 · epss 0.05

    A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any…

  • CVE-2017-5824 · Critical · Feb 15, 2018
    risk 0.65 · cvss 9.8 · epss 0.20

    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

Page 1 of 145